House CAO Issues Cybersecurity Recommendations

Posted December 15, 2009 at 4:30pm

Responding to the October leak of a confidential House ethics committee document, Chief Administrative Officer Dan Beard called Tuesday for stricter controls over House data and equipment, including annual cybersecurity training for staff.

In a two-page letter addressed to House leaders, Beard outlined a half-dozen recommendations aimed at tightening control of House-generated documents, all of which must now be reviewed by the House Administration Committee.

House leaders had sought a review of House technology policies following the release of a House ethics document that detailed investigations by both the Committee on Standards of Official Conduct and the Office of Congressional Ethics.

The House ethics committee acknowledged the veracity of the document, which was first publicized by the Washington Post and later released on WikiLeaks.org. It became public when a staffer transferred the file to a home computer and subsequently exposed it to a file-sharing network.

In addition to mandatory training, Beard’s recommendations included providing each House office with “privacy and security procedures,— as well as amending security policies to “make it clear that all sensitive House information will remain on House equipment at all times.— Beard also called for increased “firewall protection— for House networks.

Beard also wrote that House wireless equipment — which is not specified, but could include standard equipment such as mobile phones, BlackBerry devices or other items — “will be password protected and set to automatically lock if not in use.—

Aides who travel outside the United States with “wireless devices and laptop computers— will also find themselves subject to greater scrutiny, including mandatory screenings by “House security officials— both before and after travel.

Speaker Nancy Pelosi (D-Calif.) and House Minority Leader John Boehner (R-Ohio) praised the recommendations in a joint statement.

“In response to the request we made in late October, the CAO has provided us with an assessment of the security policies governing the House Information System,— the duo said. “We thank the CAO for this assessment and direct him to implement his recommendations as soon as possible to ensure the highest level of data security for House offices.—