Cybersecurity, email habits and personal privacy — discussions that have grown from a murmur to a roar on Capitol Hill in recent years — are having an effect on lawmakers, forcing them to tidy up their own digital habits.
Members of Congress have long been targeted by phishing emails, which are messages coming from seemingly legitimate sources but are actually attempts to trick users into sharing their personal information. For instance, a third of about 200 million emails sent to the House in 2015 “could be categorized as virus, malware or spam,” said former House Chief Administrative Officer Will Plaster during a hearing last year. While pledging to use additional tools and security measures to monitor and stymy cyber intrusions, Plaster warned that these interlopers searching for a way into the House network are devising more “creative ways” to gain access.
In order to combat any security breaches that slip through the cracks, one congressman, who has met with the House chief information officer to discuss matters of “cyber hygiene,” is looking to coach fellow lawmakers on ways they can take cybersecurity into their own hands.
A spokesman for Rep. Ted Lieu, D-Calif., a member of the House Oversight and Government Reform Committee, told the Washington Examiner that the lawmaker is planning on giving a demonstration on mobile security vulnerabilities as well as a briefing for members and their staff.
Lieu, along with Rep. Will Hurd, R-Texas, wrote a bipartisan letter to colleagues this month to help “raise awareness and improve the security culture” in the House.
In the letter, shared with theWashington Examiner, they offer ways in which members can protect their various devices, including recommendations to adopt a two-factor authentication security process, more complex passwords for all platforms, anti-virus software and apps, and more encryption.
“Your devices will be subject to continuing cyberattacks,” they wrote. “Hopefully this letter will help you better defend against those attacks.”
Meanwhile, members of the committee charged with the daily operations of the House of Representatives are reminding their colleagues to remain vigilant in how they handle their emails and are also planning improved methods of reinforcing good habits when going online.
Rep. Gregg Harper, R-Miss., said one of his main objectives as chairman of the House Administration Committee is to “frequently engage” members and their staffs in how to handle cyberthreats and is planning ways to bolster layers of protection against breaches, including an effort to “build on” the current security training program provided to members.
“We want the House community to constantly be thinking about when, where and with whom we are sharing information,” Harper said in an email to the Washington Examiner.
New security measures are being taken Senate-side, too. A report in August last year revealed that Senate staffers received a 20-minute online security training session, their first-ever. Though it was a step in the right direction, Senate aides told Buzzfeed, “There was nothing they taught us that I wouldn’t have already known from watching like, the evening news.”
Security is a gnawing issue as “members of Congress are getting used to communicating via email,” Rep. Rodney Davis, R-Ill., told the Washington Examiner.
Even with added security measures, such as participating in training sessions, Davis stressed that caution should not be thrown into the wind.
“You can put all the [security awareness] training you want,” Davis said, before noting that anyone can still fall victim to a phishing email, such as Hillary Clinton campaign chairman John Podesta.
His advice to fellow lawmakers to mitigate the never-ending tide: “We have to be ever-vigilant.”
The Podesta hacking incident, along with intrusions into the Democratic National Committee’s email servers, proved to be embarrassing for Democrats throughout the election when the emails were made public through WikiLeaks. A recent U.S. intelligence report pinned the blame on Russian operatives and concluded they sought to “denigrate” Clinton’s chances against the eventual winner, President Trump.
Davis said he received a number of texts and emails from colleagues after the hacks targeting Democrats’ campaign groups, sharing new contact information after their old email address and phone numbers were compromised. If there’s any silver lining to those cyberattacks, Davis suggested that, by contrast, the lack of successful intrusions into House servers show the lower branch’s “cybersecurity measures are working.”
Asked if he had any knowledge on Russians trying to hack into congressional servers, Davis replied, “Not that I’m aware.”
Still, the threat is ever-present, regardless of origin. At an event last week in Washington, D.C., Rep. Mike McCaul, R-Texas, chairman of the House Homeland Security Committee, said he is constantly bombarded by phishing emails.
“I have had attachments coming to me from people I know but about subjects that are totally unrelated to that person and I know it’s phishing,” McCaul said, according to FedScoop. “I’d say almost on a daily basis.”
Davis was unaware of McCaul’s predicament when asked, but he did offer a remedy for any lawmaker who is the victim of day-to-day phishing attacks: Change your email address.