Sen. Ron Wyden, D-Ore., is asking Chief Justice John Roberts to conduct a comprehensive review of the federal court system’s cybersecurity protections after court systems recently suffered their second major hack in five years.
The letter sent by Sen. Wyden on Aug. 25 follows a breach of the federal judiciary’s electronic case filing system, which was first reported by Politico and likely exposed sensitive court information across multiple states.
That breach – and previous ones– prompted the senator to request that the chief justice hire an independent public expert from the National Academy of Sciences to review recent major hacks of court systems and how the judiciary manages its technology.
Sen. Wyden noted that while the Department of Homeland Security’s Cyber Safety Review Board would usually review the court’s systems, having the executive branch conduct that assessment “could raise separation of powers issues” and that President Donald Trump “fired the whole board on the second day of his administration.”
“The federal judiciary’s current approach to information technology is a severe threat to our national security,” wrote the senator. “The courts have been entrusted with some of our nation’s most confidential and sensitive information, including national security documents that could reveal sources and methods to our adversaries, and sealed criminal charging and investigative documents that could enable suspects to flee from justice or target witnesses.”
“Yet, you continue to refuse to require the federal courts to meet mandatory cybersecurity requirements and allow them to routinely ignore basic cybersecurity best practices,” he said.
When acknowledging the hack this June, federal court officials said they would ramp up their cybersecurity protections after noting that they have been receiving “recent escalated cyberattacks of a sophisticated and persistent nature” on court management system.
In 2020, the court system’s case management/electronic case file system – which houses sensitive documents – was compromised by Russian actors via SolarWinds software. Before that, court officials – including Chief Justice Roberts – and the Government Accountability Office had warned about vulnerabilities in the federal case management and IT systems.
Sen. Wyden called those systems “insecure, antiquated and expensive to operate.”
“While the judiciary has solicited advice from leading government experts on establishing a modern, secure and efficient case management system, the judiciary thus far has ignored that advice and has made no meaningful progress towards a replacement,” wrote Sen. Wyden, saying this cybersecurity approach has “been able to fester for decades because the judiciary covers up its own negligence.”
In his letter, the senator also pointed to differences in cybersecurity standards between federal agencies and the judiciary, noting that while agencies must meet minimum federal standards, the federal judiciary has not adopted its own set of minimum standards.
One example of this, Sen. Wyden said, is that while agencies have been using multifactor authentication (MFA) for years, the court systems will not have required the use of phishing-resistant MFA until the end of 2025.
“The glacial speed with which the federal judiciary adopted this inferior cyberdefense, years after government agencies and businesses have migrated to superior solutions, highlights the fact that the judiciary’s cybersecurity problems are not technical, but rather, are the result of incompetence and the total absence of accountability,” reads the letter.
In addition to the independent review, the senator also requested that Congress be provided with any reports on the 2020 and 2025 breach, and that the director of the Administrative Office of United States Courts cooperate with congressional oversight.