June 16, 2020

Wyden Questions Intelligence Community Cybersecurity Following Damning CIA Report on Stolen Hacking Tools

Washington, D.C. – Sen. Ron Wyden, D-Ore., today asked Director of National Intelligence John Ratcliffe to explain what steps he is taking to improve the cybersecurity of some of the nation’s most sensitive secrets, held by federal intelligence agencies, after Wyden obtained a damning CIA report on cybersecurity failures that led to “the largest data loss in CIA history.”

Wyden, a senior member of the Senate Intelligence Committee, obtained the unclassified, redacted excerpt of the CIA’s WikiLeaks Task Force report from the Department of Justice, after it was introduced as evidence in a court case earlier this year involving stolen CIA hacking tools.

The 2017 CIA report revealed lax cybersecurity measures across the agency, including “acute vulnerabilities” in critical IT systems. The security was so poor, according to the report, if these hacking tools had “been stolen for the benefit of a state adversary and not published, we might still be unaware of the loss—as would be true for the vast majority of data on Agency mission systems.”

Wyden said it is time for Congress to reconsider a law that exempts intelligence agencies from federal cybersecurity requirements

Congress did so reasonably expecting that intelligence agencies that have been entrusted with our nation’s most valuable secrets would of course go above and beyond the steps taken by the rest of the government to secure their systems,” Wyden wrote in his letter to Ratcliffe.“Unfortunately, it is now clear that exempting the intelligence community from baseline federal cybersecurity requirements was a mistake.”

Read Wyden’s full letter to Ratcliffe here.