Cory Bennett --- The Hill
Government agencies and congressional offices are vulnerable to the same kind of cyberattack that hit Sony Pictures, experts say.
Lawmakers on Capitol Hill are well aware of the growing threat online, and many tell staff to act as if everything they write in email could one day become public.
“I try to inspire my staff often that when they write an email, they write it as if it should be right on the front page of your newspaper,” said Rep. Brad Sherman (D-Calif.), whose district includes Hollywood, in an interview with The Hill.
The assault on Sony exposed humiliating internal conversations, unveiled secretive plans and caused the studio to temporarily press pause on a multi-million dollar motion picture.
During a recent congressional hearing, an FBI official estimated the tactics used in the Sony hack would have evaded 90 percent of the American government’s cyber defenses. Security researchers backed the assessment.
“The story at the federal level is horrific,” said Joe Kiniry, lead investigator for security firm Galois.
“The [government] ecosystem is massive, and therefore so are the opportunities to break into networks,” said Hitesh Sheth, CEO of the cyberattack monitoring firm Vectra. “This is absolutely a real issue.”
Security experts and current and former government officials agreed there is an aggressive effort underway to plug holes in the system.
In the last five-plus years, government agencies have taken significant steps to bolster cybersecurity, reducing entrance points for hackers, enhancing congressional email security and increasing oversight reports.
“But that’s a glacial process, and giving yourself an ‘F’ on a scorecard year after year doesn’t necessarily help you get the resources you need to address the problem,” Kiniry said.
“It’s a real challenge for government to have the budget and the skill set — the people — to keep up across the board,” said David Turetsky, a former top cybersecurity official at the Federal Communications Commission (FCC). “They try, but budgets force choices and government salaries are different than the private sector.”