Congressional staffers are the gateway to all lawmaking on the Hill, but they also may be unwittingly opening the door to hackers.
The Hill’s networks are under constant attack. In 2013 alone, the Senate Sergeant at Arms’ office said it investigated 500 potential examples of malicious software, some from sophisticated attackers and others from low-level scammers. And that’s just the serious cases — in a different measurement, the House IT security office said in 2012 it blocked 16.5 million “intrusion attempts” on its networks.
But the thousands of men and women who keep Congress running every day are committing the basic cybersecurity mistakes that attackers can exploit to do harm — like in the CENTCOM social media hack or crippling breach of Sony Pictures Entertainment.
POLITICO interviews with nearly a dozen current and former staffers, as well as congressional IT security staff, reveal a typical array of poor cyber habits.
Most of the staffers interviewed had emailed security passwords to a colleague or to themselves for convenience. Plenty of offices stored a list of passwords for communal accounts like social media in a shared drive or Google doc. Most said they individually didn’t think about cybersecurity on a regular basis, despite each one working in an office that dealt with cyber or technology issues. Most kept their personal email open throughout the day. Some were able to download software from the Internet onto their computers. Few could remember any kind of IT security training, and if they did, it wasn’t taken seriously.