The Public Eye with Eric Chabrow

House Breach Hits Close to Home

House Breach Hits Close to Home

A confidential report dissecting the goings-on of 30-plus House members and several aides apparently was inadvertently placed on a publicly accessible computer system by a congressional staffer. Someone who saw the report provided it to The Washington Post, which said the committee attributed the breach to a low-level staffer who has since been fired.

Such breaches were on the mind of Rep. Daniel Lipinski, D.-Ill., sponsor of legislation to fund research on the social and behavioral aspects of cybersecurity. "People are the weakest link in many of our IT systems," Lipinski, chairman of the House Science and Technology Committee's Research and Science Subcommittee, said in an interview with GovInfoSecurity.com. "We really need a cultural change in the way Americans practice computer hygiene. The idea of computer hygiene is something most people don't understand."

People are the weakest link in many of our IT systems. We really need a cultural change in the way Americans practice computer hygiene. 

In a statement by Ethics Committee Chairman Zoe Lofgren, D.-Calif., and ranking Republican Jo Bonner, R.-Ala., said a committee review of the ethics probe became available on file-sharing networks because the junior staff member used file-sharing software while working from home. The two lawmakers said the committee is taking appropriate steps to deal with this issue, noting that neither the committee nor the House's information systems were breached in any way.

According to The Post, peer-to-peer technology has previously caused inadvertent breaches of sensitive financial, defense-related and personal data from government and commercial networks, and it is prohibited on House networks.

House administration rules require that if a lawmaker or staff member takes work home, "all users of House sensitive information must protect the confidentiality of sensitive information" from unauthorized disclosure.

Rules are great; enforcement isn't so easy. Just ask those lawmakers whose reputations - rightly or wrongly - may be sullied by the report's disclosure.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.