A bipartisan bill set to be introduced on Wednesday aims to close what is regarded as a major gap in congressional cybersecurity and extend the government’s protections to senators and their staffers’ personal phones and computers.
The fact that Senate employees, especially those with high security clearance, enjoy federal security on their work devices but not the ones they purchase themselves has long been regarded as a glaring oversight by cybersecurity experts.
“It is ludicrous to expect individual senators and their staff to defend themselves from spies and hackers,” Bruce Schneier, a security lecturer at Harvard, said in a statement on the bill. “Hostile foreign intelligence services do not respect the arbitrary line between work and personal technology.”
Called the Senate Cybersecurity Protection Act, the bill, introduced by Democrat Ron Wyden from Oregon and Republican Tom Cotton from Arkansas, would task the Senate sergeant at arms with extending cybersecurity training and prevention services for staffers’ personal use and devices. The sergeant at arms has previously said that it’s only permitted to use its funding for government-issued devices and accounts.
The bill would make the sergeant at arm’s training and monitoring services optional rather than mandatory.
Cybersecurity company Trend Micro found that hackers, who the US believe were from Russian military intelligence, who stole and leaked Democrat’s emails during the 2016 presidential election campaign also targeted Senate staffers in a phishing campaign in 2017.
Trend Micro alerted the Senate sergeant at arms, which held an emergency meeting last year to address that phishing campaign but admitted it did not extend its cybersecurity coverage to personal devices.