House Panel Urges IT Reforms in Wake of Serious Hacks

July 30, 2019 Updated: July 30, 2019

WASHINGTON—Congressional officials declined to say on July 29 if six information technology (IT) modernization recommendations they approved July 25 would prevent future cybersecurity scandals such as those involving Imran Awan and Jackson Cosko in 2017 and 2018.

The six recommendations were among 24 adopted by the Select Committee on Modernization of Congress. The House of Representatives panel includes six Democrats and six Republicans. Each approved recommendation received at least nine votes from among the 12 members.

The six IT system recommendations include:

  • Improving IT services in the House by reforming House Information Resources (HIR).
  • Requiring HIR to prioritize certain technological improvements.
  • Requiring HIR to reform the approval process for outside technology vendors.
  • Requiring HIR to allow member offices to test new technologies.
  • Creating one point of contact for technology services for each member office.
  • Leveraging bulk purchasing of the House by removing technology costs out of member offices’ budgets and moving them into a centralized account.

“These 24 bipartisan recommendations make important strides to strengthening the capacity of the legislative branch so we can better serve all Americans,” Reps. Derek Kilmer (D-Wash.) and Tom Graves (R-Ga.) said in a joint statement accompanying the release of the new recommendations.

Kilmer is chairman, while Graves is vice chairman of the committee.

The modernization panel released a text of the 24 recommendations late July 26, but no details were provided on how the suggested reforms should be implemented.

The IT recommendations still must be adopted by the House Administration Committee, which can implement them as written, modify them, or let them sit with no further action.

The recommendations weren’t created, drafted, or passed based on any specific incident, The Epoch Times was told by a knowledgeable congressional source who asked not to be identified by name.

There is a separate recommendation that all members of the House be required to undergo cybersecurity training, but a spokesman for the panel said the specific content of the training would be decided by others, according to a panel spokesman.

Senate and House IT systems have been seriously compromised in recent years by congressional IT aides who took advantage of their access to sensitive congressional computer systems, with both of the main plotters ending up facing charges in federal court.

Cosko, a former IT aide to Sen. Maggie Hassan (D-N.H.), is the only one of the two, however, who is now serving a jail sentence.

Cosko used his access to the Senate computer system in 2018 to obtain the personal information of Sen. Orrin Hatch (R-Utah) and other Republicans involved as members of the Senate Judiciary Committee during the confirmation of Supreme Court Justice Brett Kavanaugh.

Cosko was incensed by the nomination, so he made public personal information about the senators and members of their families, exposing them to potentially dangerous retaliation by other opponents of the judge.

Cosko broke into Hassan’s Senate office after being fired for undisclosed reasons and installed keyloggers—hard-to-detect digital devices that beam information off-site via WiFi—on the Senate system. They were discovered after Cosko revealed them to investigators.

Prosecutors called Cosko’s actions “the largest data theft in Senate history.” He received a four-year jail sentence in June. A major reorganization of the Senate sergeant-at-arms office responsible for the Senate computer system followed the discovery of Cosko’s actions.

In the Awan case, the House Inspector General (IG) said in 2016, the IT aide from Pakistan—and family members he had assisted in being hired to work in similar positions during the previous decade—illegally accessed the office computer systems of dozens of Democratic representatives and downloaded information to an off-site server.

Among the Democratic members Awan and his circle worked for were senior members of the House Intelligence, Judiciary, and Homeland Security committees. The Awans’ activities took place under both Democratic and Republican House majorities.

“The Awans and their associates collected more than $5 million in pay from congressional offices, often drawing chief-of-staff level pay, though there is reason to believe many didn’t even show up,” according to Daily Caller News Foundation investigative reporter Luke Rosiak.

“The House’s internal probe found they logged into servers they had no affiliation with, used members’ usernames, covered their tracks, and persisted even after being fired,” Rosiak reported.

Despite the House IG’s evidence, the Department of Justice didn’t file related charges against Awan or any of his associates. He accepted a plea deal in 2018 on bank fraud charges that included no jail time.

Rosiak, whose book, “Obstruction of Justice,” documents the Awan saga from its beginning in 2005, spoke at length recently with The Epoch Times about the Awan and Cosko cases.

The modernization panel, which has a small staff and budget, released its first group of recommendations earlier this year, with a focus on improving congressional staff pay and benefits, as well as increasing diversity among the approximately 20,000 employees.

RECOMMENDED