[Infowarrior] - Article + comment ... House takes steps to boost cybersecurity

Richard Forno rforno at infowarrior.org
Wed Dec 16 14:33:54 UTC 2009


NB:  During the 1990s when we first drafted House infosec policies,  
our team was told to develop two "policies" -- one for staffers and  
one for the elected Members.   The staffer version was a fairly common  
user security policy like you'd find anywhere else at the time and  
REQUIRED compliance (and had likely penalties/consequences), but the  
Member one, to put it simply, ENCOURAGED their adherence or compliance  
with recommended good security practices but that was about it. The  
reason for this double-standard?  We were told that (elected) Members  
could not be told what to do (or how to act) by (unelected) staffers  
such as our team.[1]  Sigh.

As such, one wonders how many cybersecurity transgressions in the  
House are the result of elected Member goof-ups that get hushed up!!!

-rf

[1] We did get the opportunity to say "I told you so" to House leaders  
who got embarrassed publicly and then ran to us wondering what could  
be done to prevent it from happening again.  Heh, memories!

House takes steps to boost cybersecurity
By Paul Kane
Washington Post Staff writer
Wednesday, December 16, 2009; A06

http://www.washingtonpost.com/wp-dyn/content/article/2009/12/15/AR2009121505075_pf.html

House leaders have asked the chamber's security officials to implement  
a new cybersecurity training regimen for aides and take additional  
measures to protect sensitive information from potential hackers.

After a six-week review prompted by The Washington Post's disclosure  
of the ethics committee's secretive deliberations, Daniel P. Beard,  
the House's chief administrative officer, recommended technology  
security updates that focused mostly on making staff aware of the  
security risks on the Internet.

"Changes in security policies will make it clear that all sensitive  
House information will remain on House equipment at all times, it will  
be encrypted when stored on mobile devices and must not be transmitted  
on any public access system," Beard wrote in a letter to House Speaker  
Nancy Pelosi (D-Calif.) and Minority Leader John A. Boehner (R-Ohio).

Beard undertook the review after a junior staffer took home a  
sensitive computer file that included a document naming every member  
of Congress the panel was investigating and updating most of the  
nearly three dozen investigations. In many cases, the lawmaker's  
ethics troubles had not been revealed publicly.

The staffer placed the file on a home computer on which she had  
downloaded peer-to-peer file-sharing software, commonly used by people  
who want to share music and other digital files. The Post obtained the  
file from a source who had no connection to Congress or any matter  
before the ethics committee.

In addition to new training, Beard will force the House's internal  
wireless Internet service to be password-protected. Employees  
traveling outside the United States will have their government-issued  
wireless devices checked by House security before and after their  
trips. 

