Sen. Wyden urges Chief Justice Roberts to review court cybersecurity
Summary
- Sen.
Ron Wyden urges Chief Justice Roberts for independent review. - Focus
on federal court cybersecurity after multiple breaches. - Wyden
calls the judiciary’s IT approach a national security threat. - Notes
judiciary lacks mandatory cybersecurity standards and transparency.
In a letter to Roberts, Wyden demanded the independent study
one week after it was revealed that Russian hackers had gained access to the
U.S. court record system for several years.
Politico reported two weeks ago that a broad cyber intrusion
had compromised the federal judiciary’s electronic case filing system, exposing
sensitive court data in several U.S. jurisdictions.
An important hack into the court filing system in 2020 was
mirrored in that attack.
“The federal judiciary’s current approach to information
technology is a severe threat to our national security,”
Wyden wrote in his
letter to Roberts.
“The courts have been entrusted with some of our nation’s
most confidential and sensitive information, including national security
documents that could reveal sources and methods to our adversaries, and sealed
criminal charging and investigative documents that could enable suspects to
flee from justice or target witnesses. Yet, you continue to refuse to require
the federal courts to meet mandatory cybersecurity requirements and allow them
to routinely ignore basic cybersecurity best practices.”
Wyden informed
Roberts that a committee of judges, whose membership “you have kept hidden
from the public and who presumably have no technology expertise,” sets
federal judicial technology and cybersecurity policy.
The case management system was described by the senator as
“insecure, antiquated, and expensive to operate.”
“These serious problems in the judiciary’s approach to
cybersecurity have been able to fester for decades because the judiciary covers
up its own negligence, has no inspector general and repeatedly stonewalls
congressional oversight. This status quo cannot continue,”
Wyden wrote to
Roberts.
Wyden also criticized the judiciary for delaying the use of
multifactor authentication, a cybersecurity precaution mandated by executive
branch agencies since 2015, until two months ago.
Roberts should trust the National Academy of Sciences to
review the hacks, Wyden advised.
In a separate letter, the senator requested answers to a
series of questions addressed to Roslynn R. Mauskopf, director of the
Administrative Office of the U.S. Courts.
How might courts’ refusal to adopt mandatory cybersecurity
rules worsen national security?
Courts handle highly sensitive information, including sealed
criminal records, national security documents, and personally identifiable
information. Weak cybersecurity makes this data vulnerable to theft,
manipulation, or exposure by malicious actors, including foreign adversaries.
Failure to implement mandatory protections increases the
risk of cyberattacks such as ransomware, data breaches, or hacking by
state-sponsored groups, which can disrupt judicial processes, delay justice,
and undermine public trust in the legal system.
Courts are often connected to broader government networks. A
cybersecurity incident in one court system can quickly spread to other
government agencies, potentially harming emergency services, public health
systems, and critical infrastructure.