Wyden pushing to mandate 'basic cybersecurity' for Senate

Wyden pushing to mandate 'basic cybersecurity' for Senate
© Greg Nash

Sen. Ron WydenRonald (Ron) Lee WydenDems offer resolution to force vote to overturn IRS guidance limiting donor disclosure Hillicon Valley: NYT says Rosenstein wanted to wear wire on Trump | Twitter bug shared some private messages | Vendor put remote-access software on voting machines | Paypal cuts ties with Infowars | Google warned senators about foreign hacks Overnight Health Care: Opioids package nears finish line | Measure to help drug companies draws ire | Maryland ObamaCare rates to drop MORE (D-Ore.) is pushing Senate Committee on Rules and Administration's leadership to require a "basic cybersecurity practice" to protect Senate email and digital networks.

"As you know, the cybersecurity and foreign intelligence threats directed at Congress are significant. However, the Senate is far behind when it comes to implementing basic cybersecurity practices like two-factor identification," he wrote in a letter to Rules and Administration Committee Chairman Richard Shelby (R-Ala.) and ranking member Amy KlobucharAmy Jean KlobucharSenate Democrats increase pressure for FBI investigation of Kavanaugh Election Countdown: Trump confident about midterms in Hill.TV interview | Kavanaugh controversy tests candidates | Sanders, Warren ponder if both can run | Super PACs spending big | Two states open general election voting Friday | Latest Senate polls GOP in striking distance to retake Franken seat MORE (D-Minn.).

Two-factor identification would require Senate staff to use a second credential to log in to systems, in addition to a password. Traditionally, the three factors that can be used to verify identity are split into three categories, "something you know" (like a password), "something you have" (like a key card or physical key) and "something you are" (like biometric face and fingerprint scanning). 

ADVERTISEMENT

That type of security is required in the White House, where identification cards contain secure chips. Wyden compares the White House and Senate cards in his letter. 

"[I]n contrast to the executive branch's widespread adoption of [Personal Identity Verification] cards with a smart chip, most Senate staff ID cards have a photo of a chip printed on them, rather than a real chip," he wrote. 

Wyden notes that the Senate sergeant-at-arms requires two-factor identification to access systems off of the Senate campus. But, he notes, there is no requirement to use two-factor identification in the offices on the Hill.