This just in – there’s no VPN between the U.S. House of Representatives and the Senate! They’re not even using SFTP…
This week, some U.S. Senators are talking about how it might be good to have encrypted traffic between the two counterparties of our bicameral legislative process.
This comes at a time when the Senate prepares to turn down yet another House bill, this one related to coronavirus assistance. Mitch McConnell and others have evinced skepticism about the HEROES bill passed through the House, characterizing it as having some partisan grabs built in.
All of the partisan politics aside, it makes sense for legislators to argue for the same kinds of robust security that are usually in place in the private sector.
Without encryption, hackers can get their hands on all sorts of data as it flows from the house to the Senate, and vice versa.
But analysts looking at our dearth of cyber-protections may suggest that even the private sector does not have the legislative oversight it needs.
“The United States lacks a comprehensive, nationwide approach to cybersecurity,” writes Jeff Kosseff at Slate. “Because Congress has done little to address cybersecurity, state legislatures have stepped in and passed their own cybersecurity laws. Although their efforts are well-intentioned, they have led to a scattershot approach of uncoordinated and occasionally conflicting laws. For instance, all 50 states have enacted laws that require companies to notify their residents of breaches of personal information. The types of breaches that trigger the notification requirements vary by state, as does the required content for the notices. In the critical days after a breach, a company must sort through the morass of state breach notice laws when it could devote that time to preventing further harm.”
In the larger context, we have to look at hardening government systems against cyberattacks. Encryption and VPN tunnels are great way to do this, so they really should be in place for systems built and used by government agencies and our legislative bodies.
As for the president, no executive branch leader should be tweeting out daily on an unsecured cell phone.
All of this would be a good start.