Congressional staffers: pretty much terrible at online security practices

You know all those basic things you’re not supposed to do if you don’t want to get hacked, like use the same password for every account or share your password online? Hill staffers are probably doing all of that.

That’s the gist of a Politico report profiling the lax security practices of multiple staffers it interviewed. The report comes after an embarrassing hack of CENTCOM’s Twitter and YouTube accounts in the middle of President Obama’s cybersecurity speech.

One of the government’s initial responses may have tipped off the sorry state of government employee training: they tweeted a reminder of helpful guidelines like “Never give your username and password out to untrusted third parties, especially those promising to get you followers or make you money.” (Hey CENTCOM, I have a Nigerian prince I’d like to introduce you to…)

Politico headed to the Capitol to interview almost a dozen former and current Hill and congressional IT staff on security practices, particularly how they store sensitive passwords for accounts like Dropbox and social media.

Their findings? “Most” had emailed passwords to themselves or others; “plenty” stored passwords in risky locations like shared Google docs; “most” said they didn’t often think about protecting their online security—even though they regularly work on cyber issues in their office. And “few” had taken IT security training.

“It’s amazing we weren’t terribly hacked, now that I’m thinking back on it,” a former Senate staffer said. “It’s amazing that we have the same password for everything [like social media.]”

“I don’t think the Senate as a whole does a very good job of teaching people what matters as to how to do cyber hygiene and advice on how to come up with good passwords, because when you think about it, some of the lowest-level staff have the most access, and this is their first job and isn’t self-explanatory. It needs to be taught to staff,” they said.

Hackers frequently target congressional systems: according to one testimony before the House in 2012, IT blocked 16.5 million attempted hacks, 11.4 million attempts at inserting spyware, and 17,763 viruses.

Another former staffer told Politico that Hill staff tend to have a “false sense” of security in the government networks.

National security personalities have been banging the drums for increased cybersecurity of late—former NSA head Gen. Keith Alexander argued over the weekend that the Sony hack proved just how unprepared America is for a cyberattack. And one senator has proposed creating an entirely new government agency just to deal with the problem.
