Federal courts are upgrading their cybersecurity on a number of fronts, but multifactor authentication for the system that gives the public access to court data poses “unique challenges,” the Administrative Office of the United States Courts told Sen. Ron Wyden in a letter this week.
Wyden, D-Ore., wrote a scathing August letter to the Supreme Court in response to the latest major breach of the federal judiciary’s electronic case filing system. The director of the Administrative Office of the United States Courts responded on behalf of the Supreme Court.
It is “simply not the case” that the courts have, in the words of Wyden, “ignored” advice from experts on securing the Case Management/Electronic Case Files (CM/ECF) system, wrote Robert Conrad Jr., director of the office.
“Substantial planning for the modernization effort began in 2022, and we are now approaching the development and implementation phase of the project,” he wrote in the Sept. 30 letter. “We expect implementation will begin in the next two years in a modular and iterative manner.”
In recent years, the office has been testing technical components on its modernization effort, and is centralizing the operation of data standards to enable security, Conrad said.
Wyden took the office to task for not enabling phishing-resistant multifactor authentication (MFA). Conrad wrote that the office was in the process of rolling out MFA to the 5 million users of PACER, the public case data system.
“The Judiciary has unique challenges in implementing MFA due to the significant diversity of users,” he responded. “PACER users range from sophisticated, high-volume data aggregators and well-resourced law firms to journalists and ordinary citizens, to indigent litigants. All PACER users need access to court records, but some do not have traditional forms of MFA they can use. The design and implementation of our MFA implementation requires consideration of these unique needs.”
Wyden also took issue with the lack of public explanations about the series of court breaches. Conrad wrote that the breaches are “sensitive from both a law enforcement and national security perspective,” and need to be kept confidential, but noted that the courts have briefed congressional Judiciary, Appropriations and Intelligence committees on a classified basis.
“Even after back-to-back catastrophic hacks of the federal court system, Chief Justice [John Roberts] continues to stonewall Congress and cover up the judiciary’s gross negligence that has enabled these hacks,” Wyden said in response to the Conrad letter. “It is long past time for the courts to follow the same minimum cybersecurity standards as the executive branch, but since Chief Justice Roberts and the Judicial Conference refuse to set such requirements, Congress must step in and legislate.”
Court Watch was the first to report on the contents of the letter.
The post Federal judiciary touts cybersecurity work in wake of latest major breach appeared first on CyberScoop.
The Administrative Office of the United States Courts denied ignoring expert advice in a letter to Sen. Ron Wyden, D-Ore., who blasted Chief Justice Roberts in a response statement.
The post Federal judiciary touts cybersecurity work in wake of latest major breach appeared first on CyberScoop. Read MoreCyberScoop
