U.S. senators and their staff will receive assistance from the Senate Sergeant at Arms (SAA) to protect their accounts and devices from cyber threats if a bipartisan bill introduced by Senators and Senate Intelligence Committee members Ron Wyden (D-Ore) and Tom Cotton (R-Ark) will be signed into law.
The Senate Cybersecurity Protection Act, S. 890, would allow the SAA — which is the one responsible for the Senate’s cybersecurity — to offer opt-in cybersecurity support which would help U.S. senators to be prepared when their personal devices are targeted by state-sponsored hacking groups.
According to Wyden, the bill has been endorsed by “cyber and election security experts and advocates alike”, such as Electronic Frontier Foundation, Google, Carnegie Mellon CyLab, Dragos Inc, Public Citizen, and more.
While the S. 890 bill on the U.S. Congress’ website doesn’t yet come with the full text, a press release published by Sen. Wyden on his website says that The Senate Cybersecurity Protection Act is endorsed by both security advocates and experts.
The senator also provides download links to the full text of the bill and to a quick summary at the end of the press release.
The bill’s impact
This bill permits the SAA to provide opt-in, voluntary assistance to Senators and certain Senate staff to secure their personal devices (laptops,desktops, cell phones, tablets, and other Internet-connected devices) and accounts (email, text messaging, cloud computing, social media, telephone, residential Internet, health care, and financial services).
“Cybersecurity experts agree – malicious foreign entities used targeted hacks to influence the 2016 election to their benefit, and these attacks are only going to grow more frequent and sophisticated,” Wyden says.
Also, “Hackers don’t differentiate between the official and personal devices of elected officials and their staff. The Senate doesn’t have the luxury of ignoring the changing landscape of cyber-attacks. No one should play politics when the future of U.S. democracy is on the line.”
Since it was introduced on March 27 to address the SAA’s statement that public funds can’t currently be used to “help protect non-government issued devices and accounts”, the bill was read twice and then it was referred to the Committee on Rules and Administration.
The restrictions in using public funds to provide cybersecurity help to protect senators’ electronic assets were cited by the SAA even after security experts warned that the U.S. Senate “had been targeted by foreign government hackers.”
Eligible Senate staff members
Any Senate staffer is eligible for protection, providing that their supervising Senator or the head of their office determines the staffer is “highly vulnerable to cyber attacks and hostile information collection activities because of the position of the individual.”
“Our enemies will take advantage of every opportunity to undermine our democracy, and the personal devices of Senators and their staff are no exception. As the threat of cyber-attacks continues to grow, so must our ability to defend against them,” Cotton states. “Our bill will ensure that our cyber defenses are hardened as we continue to do the work of our constituents here in the Senate.”
Two weeks ago the senators who introduced the Senate Cybersecurity Protection Act also sent a letter to the SAA requesting annual reports regarding compromised Senate devices, as well as alerts sent to the leadership and the Committees on Rules and Intelligence following Senate computer breaches.