A bipartisan Senate duo wants to know about any successful hacks of Senate devices and networks.
Democratic Senator Ron Wyden of Oregon, and Arkansas Republican Tom Cotton wrote to Senate Sargent of Arms Michael Stenger calling for an annual report on when Senate computers and smartphones have been compromised, and when hackers have otherwise gained access to sensitive Senate data.
Wyden and Cotton both serve on the Senate Intelligence Committee and are concerned about threats to Senate networks.
“Hackers continue to target all manner of government entities, and there is little doubt that Congress is squarely in their sights,” wrote the senators. “The Sergeant at Arms must be transparent in providing members of the Senate all information about the possible existence and scale of successful hacks against the Senate.”
The pair also urged the sergeant-at-arms notify to Senate leadership, members of the Senate Rules and Administration Committee and the Senate Intelligence panel about any breaches on Senate computers within five days of discovery.
“We understand that details of specific incidents may need to remain confidential, however, providing Senators with aggregate statistics about successful cyber attacks would enable the Senate to engage in informed debate about the security threats faced by the legislative branch,” they wrote.
They pointed to media reports of Russian and Chinese hackers breaching the State Department, White House and Pentagon in recent years, while the most recent publicly-disclosed breach of congressional computers was in 2009.
The senators say that the lack of data about cyber attacks in the Senate has dampened the urgency of the issue and stifled debate within the chamber about cybersecurity policy.
Wyden and Cotton’s letter comes one day after the House Chief Administrative Officer laid out the risks facing that chamber’s networks, and the path ahead for securing House devices.
“It’s the cybersecurity threats that keep me awake at night,” said Chief Administrative Officer Philip G. Kiko at a Legislative Branch Appropriations Subcommittee meeting Tuesday.
The CAO’s office manages the information technology infrastructure for the House, from email networks to hosting members’ official websites. The CAO’s office is in the process of shifting House websites to cloud computing services, where they can be secured more reliably.
“The House is undoubtedly a target of private and state-sponsored criminal cyber activity,” Kiko told the panel, citing known attacks on the parliaments of Australia and the United Kingdom.
In just one month, the CAO blocks an estimated 1.6 billion unauthorized scans, probes and connections aimed at the House network.