Plans to convene the 2021 legislation session remotely raise not only issues regarding transparency and government accountability but also the risks of hacking and cyberattacks. Since March, the state Legislative Service Center (LEG-TECH) has been preparing cybersecurity measures and educating legislators in both chambers on how to prevent unauthorized access to their systems. Stakeholders say these efforts are expected to ensure a smooth session from a tech standpoint and to provide a long-term framework for future sessions where remote meetings are needed.
Created in 1986, LEG-TECH oversees technology solutions for the entire legislature and 10 state agencies. Although the state Office of Cybersecurity (OCS) regularly collaborates with state agencies on ways to improve security and also monitors state government networks, IT security is handled by LEG-TECH.
LEG-TECH Director Mike Rohrbach told Lens that while his group is eager to avoid overconfidence in their efforts, the state is in a good position to make the transition to a virtual session.
A primary reason for that is “we were on a pretty good footing to begin with,” citing prior investments by the state legislature on equipment and hiring tech team members. “There’s this constant communication and collaboration. The legislature really does take cybersecurity seriously.”
He added: “We’re really focused heavily on people. We put a lot of emphasis on equipping our staff and members to practice cyber hygiene. We have a really dedicated team of technological professionals.”
Secretary of the Senate Brad Hendrickson told Lens that legislators and staff have also had numerous opportunities to adjust to remote meetings since March, with no security issues. “Things seem to be going really smoothly. How the session (is) going to move forward is going to be unique in state history.”
Hendrickson has 30 years of experience in various state legislative positions, including Deputy Secretary of the Senate as well as serving on LEG-TECH’s oversight committee.
The Secretary of the Senate oversees the chamber’s administrative duties. Its counterpart is the Office of the Chief Clerk of the House of Representatives, which is currently held by Bernard Dean. When contacted by Lens, the Chief Clerk’s Office deferred to LEG-TECH on questions related to cybersecurity.
Hendrickson said that many publicized security breaches around Zoom or Skype are related to the user “not taking the right precautions.” In his years on the oversight committee, he’s unaware of any security issues.
In fact, his biggest concern with a remote session from a technological perspective is whether legislators have adequate internet speeds. He said LEG-TECH has already told members in rural areas to find a place elsewhere with a better connection, such as a local community college, or they can also work from their legislative office at the Capitol as part of a hybrid between virtual and in-person, which Hendrickson says is anticipated to occur.
There’s also the risk of phishing scams where fraudulent emails are sent to obtain personal identification information, such as passwords. In a statement, the OCS stated that “while security threats have increased in volume, the methodology of bad actors has largely remained the same.”
On top of education, Rohrbach said his group encourages those who accidentally click on those links to report it immediately. “Customers are not afraid to call us and say ‘I clicked on this link I shouldn’t have’.”
One of the ways to ensure security is how the video hosting is managed, he said. “We don’t give hosting control to individual staff people or (legislative) members. We maintain some of those procedures. The hosting responsibilities are very narrow.”
Additionally, Rohrbach said a variety of authentication requirements have been added for those testifying during public comment, such as security codes for those dialing in by phone. Precautions are even greater for legislators when entering a voting system developed by LEG-TECH that provides members visual confirmation of their votes. While it will allow legislators to access the system from their own laptops, multifactored authentication will be required, such as confirmation via their cell phone. The software is also encrypted and only accessible through a virtual private network (VPN).
“That’s got to be air-tight security,” Rohrbach said. “Legislative leadership has been pretty insistent.”
“No network’s 100-percent secure obviously, but I think we’ve taken a lot of precautions for our networks, especially for our video conferences related to session,” Hendrickson said.
The significance of these efforts go well beyond this session, Rohrbach said. Like others, he believes remote testimony will become a permanent part of future legislative sessions.
However, he said that the system will enable future legislative sessions to continue even when natural disasters or the weather prevent legislators from making it to Olympia.
“We would have been in real trouble if we had had a natural disaster in the last ten years,” he said. “We went into this as a long-term investment that could potentially outlive the pandemic. This functionality is going to remain in place.”