Bipartisan cybersecurity bill would safeguard personal devices of Senate, staff

Passage of bipartisan cybersecurity legislation proposed Wednesday would permit the Senate Sergeant at Arms to help safeguard the personal devices and accounts of certain lawmakers and staff.

Introduced by Sen. Ron Wyden, Oregon Democrat, and Sen. Tom Cotton, Arkansas Republican, the Senate Cybersecurity Protection Act is the latest among several steps taken on Capitol Hill meant to prevent hackers from interfering in future federal elections by addressing gaps present during the last presidential race.

If successful, the legislation would authorize the Senate Sergeant at Arms, the federal law enforcement official in charge of the chamber’s security, “to protect the personal technology devices and accounts of Senators and covered employees from cyber attacks and hostile information collection activities,” according to its language.

Senators currently have their government assigned accounts and computers protected from hackers by federal security services. Lawmakers are responsible for defending other potential targets, including personal and campaign accounts and networks, however.

“Hackers don’t differentiate between the official and personal devices of elected officials and their staff,” Mr. Wyden said in a statement. “The Senate doesn’t have the luxury of ignoring the changing landscape of cyber-attacks. No one should play politics when the future of U.S. democracy is on the line.

“Our enemies will take advantage of every opportunity to undermine our democracy, and the personal devices of Senators and their staff are no exception,” Mr. Cotton added. “As the threat of cyber-attacks continues to grow, so must our ability to defend against them.”

The bill would apply to any senator or staffer determined to be “highly vulnerable” to cyberattacks, and it would permit them to seek voluntary assistance from the Senate sergeant at arms in the form of “training, advice, support, technical assistance and other services to prevent, detect, and recover from cyber attacks and hostile information collection activities.”

Attempts to reach the Senate sergeant at arms for comment were not immediately successful.

Proposed by two members of the Senate Intelligence Committee, the legislation is among several bills offered as a direct result of disruptive efforts waged during the 2016 presidential race, when hackers targeted election infrastructure and stole and leaked emails belonging to members of the Democratic National Committee, the Democratic Congressional Campaign Committee and former Democratic presidential candidate Hillary Clinton’s campaign.

Russian hackers conducted the Democratic intrusions likely under the command of President Vladimir Putin, U.S. intelligence officials said previously. Private industry security experts at Trend Micro and Microsoft have since blamed the same government hacking group for campaigns mounted against Senate staff in 2017 and 2018, respectively.

“It is ludicrous to expect individual senators and their staff to defend themselves from spies and hackers,” said Bruce Schneier, a cybersecurity expert and lecturer at Harvard Kennedy School who supports the bipartisan bill. “Hostile foreign intelligence services do not respect the arbitrary line between work and personal technology. As such, the U.S. government must extend its defensive cyber perimeter to include legislators’ personal devices and accounts.”

Separate election security legislation being introduced by Mr. Wyden would require the use of paper ballots and allow federal officials to establish mandatory cybersecurity requirements for elections, he said earlier this month. A previous version of that bill, the Protecting American Votes and Elections Act, or PAVE Act, stalled in 2018.