Two US senators have requested the US Senate Sergeant at Arms to disclose details about cyber-attacks against the Senate and its members.
The request has been made in a letter signed today by Ron Wyden (D-Ore.) and Tom Cotton (R-Ark.), both members of the US Senate Intelligence Committee.
“Companies and executive branches are required by state and federal law to report breaches. In contrast, Congress has no legal obligation to disclose breaches and other cyber incidents,” the two senators wrote in their letter.
“The Sergeant at Arms must be transparent in providing members of the Senate all information about the possible existence and scale of successful hacks against the Senate,” the letter reads.
“Each US senator deserves to know and has a responsibility to know, if and how many times Senate computers have been hacked, and whether the Senate’s existing cybersecurity measures are sufficient to protect both the integrity of this institution and the sensitive data with which it has been entrusted.”
The two say they understand that some data about cyber-attacks might need to remain confidential as part of ongoing investigations, or because of its sensitive nature.
However, they ask the Sergeant at Arms to at least disclose statistics about attacks as a whole, so senators can have informed debates and allocate funds to improve the Senate and senators’ cyber-security protections.
To that end, the two want the Sergeant at Arms to provide each senator with annual statistics about cyber-attacks and also commit to disclosing breaches impacting the US Senate within five days of their discovery.
Sen. Wyden’s involvement with this request is no coincidence. Last September, he was the one to reveal that several senators’ Gmail accounts had been targeted by foreign hackers.
Wyden is also the same senator who pushed the Senate Sergeant at Arms to implement full disk encryption on Senate laptops and computers, and also pushed the Senate to allow staff members to use the Signal secure messaging app for internal communications.
More cybersecurity news: