The chairman of the House Committee on Homeland Security says he has become the target of phishing emails on an “almost daily basis.”
Rep. Michael McCaul, R-Texas, said Wednesday during an event at the National Press Club that some of the malicious messages are coming from email addresses that appear spoofed, or altered in such a way that they look to have come from known contacts.
“I have had attachments coming to me from people I know but about subjects that are totally unrelated to that person and I know it’s phishing,” McCaul recalled, “I’d say almost on a daily basis.”
The chairman’s comments underscore the growing risk faced by elected officials — especially for those handling classified information — from cyberattacks. While lawmakers and their staffers are encouraged to attend cybersecurity training sessions hosted by their respective sergeant at arms’ offices, representatives are not typically required to individually participate.
“A lot of it is very basic stuff like ‘don’t click on that attachment,'” McCaul said of the educational seminars.
McCaul, who was the lead on cybersecurity legislation in the previous Congressional term, said he understands part of the problem is the old networks Congress and their staff relies upon.
“We have a company that basically provides pretty good firewalls. And actually I have opened up one or two of these and gone back to my IT guy and we had some redundancies to back it up, where that intrusion didn’t take place, but it really gets to the whole issue, the legacy issue. Our network system is so antiquated, the older it is the more vulnerable it is to attacks,” said McCaul.
Multiple U.S. political organizations and campaigns were recently the target of a sophisticated hacking operations levied by Russian intelligence, a declassified report published Friday and compiled by U.S. intelligence agencies notes. McCaul said reports coupled with the recent news have left those on Capitol Hill with heightened awareness of cybersecurity hygiene.
“It’s not just Congress, everyone in this room has a phone and everyone in this room is subject to being infiltrated. I think it’s in large part a privacy issue. It’s a security issue when it comes to Congress and the executive branch and agencies. I think there’s a greater sense of awareness about it [amongst members of Congress]. A greater sense of anxiety … of paranoia,” said McCaul.
“Phishing emails to USG officials are incredibly common,” said Area 1 Security co-founder Blake Darche, “the Senate and House especially face security challenges in that they are not directly part of the executive branch and often lack the level of expertise at NSA/FBI/CIA. They are also public and as a result often receive and send emails to and from constituents raising their exposure profiles.”
Last week, USA Today reported that Congress planned to increase its efforts to protect members from data breaches by providing better training resources.
“One of the biggest threats that we have here would be the security, in particular the cybersecurity threats, that we face,” said Rep. Gregg Harper, R-Miss., the new chairman of the House Administration Committee, which oversees operations in the lower chamber. “Every office, every committee, every part of Capitol Hill is subject for attack by foreign governments, by individuals, people in this county who mean us harm.”