Summary
- Sen. Ron Wyden urges Chief Justice Roberts for independent review.
- Focus on federal court cybersecurity after multiple breaches.
- Wyden calls the judiciary's IT approach a national security threat.
- Notes judiciary lacks mandatory cybersecurity standards and transparency.
In a letter to Roberts, Wyden demanded the independent study one week after it was revealed that Russian hackers had gained access to the U.S. court record system for several years.
Politico reported two weeks ago that a broad cyber intrusion had compromised the federal judiciary's electronic case filing system, exposing sensitive court data in several U.S. jurisdictions.
An important hack into the court filing system in 2020 was mirrored in that attack.
“The federal judiciary’s current approach to information technology is a severe threat to our national security,”
Wyden wrote in his letter to Roberts.
“The courts have been entrusted with some of our nation’s most confidential and sensitive information, including national security documents that could reveal sources and methods to our adversaries, and sealed criminal charging and investigative documents that could enable suspects to flee from justice or target witnesses. Yet, you continue to refuse to require the federal courts to meet mandatory cybersecurity requirements and allow them to routinely ignore basic cybersecurity best practices.”
Wyden informed Roberts that a committee of judges, whose membership "you have kept hidden from the public and who presumably have no technology expertise," sets federal judicial technology and cybersecurity policy.
The case management system was described by the senator as "insecure, antiquated, and expensive to operate."
“These serious problems in the judiciary’s approach to cybersecurity have been able to fester for decades because the judiciary covers up its own negligence, has no inspector general and repeatedly stonewalls congressional oversight. This status quo cannot continue,”
Wyden wrote to Roberts.
Wyden also criticized the judiciary for delaying the use of multifactor authentication, a cybersecurity precaution mandated by executive branch agencies since 2015, until two months ago.
Roberts should trust the National Academy of Sciences to review the hacks, Wyden advised.
In a separate letter, the senator requested answers to a series of questions addressed to Roslynn R. Mauskopf, director of the Administrative Office of the U.S. Courts.
How might courts’ refusal to adopt mandatory cybersecurity rules worsen national security?
Courts handle highly sensitive information, including sealed criminal records, national security documents, and personally identifiable information. Weak cybersecurity makes this data vulnerable to theft, manipulation, or exposure by malicious actors, including foreign adversaries.
Failure to implement mandatory protections increases the risk of cyberattacks such as ransomware, data breaches, or hacking by state-sponsored groups, which can disrupt judicial processes, delay justice, and undermine public trust in the legal system.
Courts are often connected to broader government networks. A cybersecurity incident in one court system can quickly spread to other government agencies, potentially harming emergency services, public health systems, and critical infrastructure.