Sen. Ron Wyden implored his colleagues to enact legislation that would allow the Senate sergeant-at-arms to provide cyber protections to senators and staffers for their personal devices and accounts.
The Oregon Democrat warned Senate leaders that the state-backed Russian group responsible for hacking the Democratic National Committee before the 2016 election, “Fancy Bear,” has also tried infiltrating the personal communications networks of senators and their staffers, including Wyden’s own aides.
“Our adversaries do not limit their cyber attacks to elections infrastructure or even to official government accounts and devices; they are also targeting U.S. officials’ personal accounts and devices,” Wyden wrote in a letter Wednesday to Senate Majority Leader Mitch McConnell, Minority Leader Charles E. Schumer, Rules Committee Chairman Roy Blunt and ranking member Amy Klobuchar.
The Senate sergeant-at-arms, by Senate rules, does not have the proper authority to provide cyber coverage for senators’ and staffers’ vulnerable personal systems.
The SAA office told Wyden that it “may only use appropriated funds to protect official government devices and accounts,” he wrote.
“This approach must change to keep up with changing world realities.”
Some officials at the Department of Defense have government-funded protection on their electronic devices, and the Senate Intelligence Committee has approved an intelligence authorization bill that would grant the same coverage to officials at intelligence agencies.
Wyden wants senators and staffers to have that same protection.
He warned that the Fancy Bear attacks could be “the tip of a much larger iceberg.”
The Russian government-backed hacking effort crosses party lines.
“It affects both Republicans and Democrats. It’s about the security of our political process and our government functions and we need to work together to address it,” Shaheen said.
Hackers have not successfully penetrated any senators’ or their staff’s systems or devices this cycle to anyone’s knowledge, senators have said.
The Senate lags behind its House counterparts in cybersecurity, Roll Call found in July. The Senate does not require staff to attend mandatory training sessions. The House mandated annual sessions in 2015.
But it doesn’t mean the SAA isn’t stressing precautionary cyber measures to staff. The SAA has hosted 52 voluntary cyber awareness seminars since the start of 2017, it said in May.
Watch: McConnell Warns Russians to Keep Out of Elections, Schumer Wants More Than Words