Making cybersecurity training mandatory for Members.
Consistent with its support for Member continuing education, the Committee identified the need for Member-specific cybersecurity training. Members of Congress are not required to take cybersecurity training, despite their vulnerabilities to cyber threats. The lack of training in cell phone security and guidance for traveling abroad places Members at undue risk. At the Committee’s March 2019 Member Day Hearing, Rep. Kathleen Rice testified about the necessity of training, pointing out that Members and congressional offices are prime targets for malicious foreign actors. The more Members know about how to actively counter cybersecurity threats, the less vulnerable Congress is to cyber-attacks:
“Our employees and House officers are already required to take mandatory information security training each year, and I believe Members should be held to the exact same standards.”
Rep. Kathleen Rice, March 12, 2019
The Committee recommended making cybersecurity training mandatory for Members, and specifically called for advanced cyber-hygiene training and use of encrypted messaging and multi-factor authentication as basic standards for both Members and staff. Due to the increase in remote work during the coronavirus pandemic, this recommendation was further expanded upon in the Committee’s fourth round of recommendations addressing continuity issues in the legislative branch.