The U.S. federal judicial court system experienced in 2020 a cyber incident of “startling breadth and scope,” a member of Congress disclosed.
It was perpetuated by three foreign state actors, House Judiciary Committee Chair Jerry Nadler said during a Thursday hearing.
“Perhaps even more concerning is the disturbing impact the security breach had and on pending civil and criminal litigation, as well as an ongoing national security or intelligence matters,” Nadler said.
The Department of Justice is investigating, Assistant Attorney General for National Security Matthew Olsen told the New York Democrat.
“While I can’t speak directly to the nature of the ongoing investigation of the type of threats that you’ve mentioned regarding the effort to compromise public judicial dockets, this is of course a significant concern for us given the nature of the information that’s often held by the courts,” Olsen said.
The Administrative Office of the U.S. Courts disclosed in early 2021 an “apparent compromise” in the confidentiality of its digital docketing system. The incident came to light as a result of a security audit taken in the wake of the Russian nation-state hack of ubiquitous network management tool maker SolarWinds.
But the attack against the court system was not a result of the SolarWinds, said Nadler.
Little is publicly known about the incident, other than the court system announced it would no longer accept highly sensitive court documents through its digital docket system, known as CM/ECF. Attorneys instead must file those documents through paper or secure thumb drive for storage on a computer system not connected to the internet, the court administrative office said at the time.
Sen. Ron Wyden, an Oregon Democrat and member of the Senate Intelligence Committee, wrote the judicial administrative office in a Thursday letterexpressing “serious concerns that the federal judiciary has hidden” the national security consequences of the incident.
“The federal judiciary has yet to publicly explain what happened,” Wyden added. He said the court system faces “unmanageable security risks” since responsibility for cybersecurity risks is delegated to the 94 district and 12 appellate court chief judges.