Cyber warfare: Capitol staffers aren’t ready

[InfoSec News <alerts () infosecnews org>]

http://www.politico.com/story/2015/01/cyber-warfare-capitol-114383.html

By TAL KOPAN
Politico.com
1/19/15

Congressional staffers are the gateway to all lawmaking on the Hill, but 
they also may be unwittingly opening the door to hackers.

The Hill’s networks are under constant attack. In 2013 alone, the Senate 
Sergeant at Arms’ office said it investigated 500 potential examples of 
malicious software, some from sophisticated attackers and others from 
low-level scammers. And that’s just the serious cases — in a different 
measurement, the House IT security office said in 2012 it blocked 16.5 
million “intrusion attempts” on its networks.

But the thousands of men and women who keep Congress running every day are 
committing the basic cybersecurity mistakes that attackers can exploit to 
do harm — like in the CENTCOM social media hack or crippling breach of 
Sony Pictures Entertainment.

POLITICO interviews with nearly a dozen current and former staffers, as 
well as congressional IT security staff, reveal a typical array of poor 
cyber habits.

Most of the staffers interviewed had emailed security passwords to a 
colleague or to themselves for convenience. Plenty of offices stored a 
list of passwords for communal accounts like social media in a shared 
drive or Google doc. Most said they individually didn’t think about 
cybersecurity on a regular basis, despite each one working in an office 
that dealt with cyber or technology issues. Most kept their personal email 
open throughout the day. Some were able to download software from the 
Internet onto their computers. Few could remember any kind of IT security 
training, and if they did, it wasn’t taken seriously.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/