On Wednesday, Senators Wyden (D-OR) and Cotton (R-AR) introduced a bipartisan bill that, if passed, will enhance the Senate Sergeant at Arm's ability to defend Senators and their staff from cyber threats. Called the Senate Cybersecurity Protection Act, the bill would "authorize the Sergeant at Arms to protect the personal technology devices and accounts of Senators" and their staff, on a voluntary, opt-in basis, "from cyber attacks and hostile information collection activities."
Among the many hats the Sergeant at Arms wears is serving as basically the IT desk of the Senate. Currently, the SAA's ability to provide cybersecurity assistance to Senators and their staff is limited solely to official devices and accounts. The SAA doesn't have the authority to use government funds for the cybersecurity of non-government-issued devices and accounts. That may sound common-sense enough -- you probably aren't calling up your employer's IT desk and asking them to help fix your personal laptop. But then, you're not a U.S. Senator, with all the special risks that role entails. Even if this rule made sense in earlier eras, it's no longer the right approach to dealing with the cybersecurity threat landscape in 2019.
As we've seen in recent years, agents of foreign adversaries are bent on hacking our elected officials, candidates for office, and their staffs, and using the information they gain to influence U.S. elections, harm our national security, amplify divisions within the American populace, and undermine other U.S. interests. If malicious hackers don’t draw a line between official and personal devices and accounts, why should the Sergeant at Arms have to do so?
This bill would close an important gap in the cybersecurity assistance available to Senators and their staff. That's why -- in my personal capacity only, not on behalf of CIS, SLS, or the University -- I am happy to support the Senate Cybersecurity Protection Act.