Two Senate Intelligence Committee members introduced a bill Wednesday to protect both personal electronic devices and Senate accounts of members and staff from cybersecurity vulnerabilities and threats.
The proposal from Democratic Senator Ron Wyden of Oregon, and Arkansas Republican Tom Cotton would allow the Senate Sergeant-at-Arms to provide “voluntary cybersecurity assistance” to lawmakers and certain Senate staff to secure accounts and personal devices.
The SAA’s office is in charge of many of the technology support services in the Senate, and it offers regular cyber awareness trainings to staff in lawmakers’ offices, on committees and in their home states.
The measure would authorize the SAA to use official Senate funds to secure personal accounts. That would be a shift in policy.
The SAA has stated that it is “prohibited from using public funds to help protect non-government issued devices and accounts.” The new proposal aims to clear away statutory restrictions that have kept the SAA from assisting staff and lawmakers with securing personal devices.
“Hackers don’t differentiate between the official and personal devices of elected officials and their staff. The Senate doesn’t have the luxury of ignoring the changing landscape of cyber-attacks. No one should play politics when the future of U.S. democracy is on the line,” said Wyden in a statement.
The sponsors point to Russian interference in the 2016 elections as evidence that hackers and foreign intelligence groups are targeting both personal and official devices to influence politics.
“Our enemies will take advantage of every opportunity to undermine our democracy, and the personal devices of Senators and their staff are no exception. As the threat of cyber-attacks continues to grow, so must our ability to defend against them,” Cotton said.
Earlier this month Wyden and Cotton wrote to Senate Sergeant-at-Arms Michael Stenger calling for an annual report on when Senate computers and smartphones have been compromised, and when hackers have otherwise gained access to sensitive Senate data.
The pair also urged the Sergeant-at-Arms to notify Senate leadership, members of the Senate Rules and Administration Committee, and the Senate Intelligence panel about any breaches on Senate computers within five days of discovery.
Lawmakers boosted funding for SAA efforts to bolster Senate networks in fiscal 2018 by $12.5 million, and added $4 million for senators’ office accounts focused on staff-level measures.
The House mandated information security training for employees in early 2015, which all network users are required to complete annually. The Senate once had a parallel mandate, but it lapsed in recent years. Republican Sen. Roy Blunt of Missouri, chairman of the Rules and Administration Committee, began work in 2018 with the SAA to enhance training requirements for staff.