Wyden Calls for Review of US Court Systems' Cyber Posture After Case System Hack

Senator Ron Wyden, D-Ore., has sent a letter to Chief Justice John Roberts requesting an investigation into the cybersecurity posture of the nation's court systems following a hack of its cornerstone electronic legal case management system. The breach, first reported by Politico, potentially revealed the identities of confidential informants involved in criminal cases in several federal district courts.

Russian hackers are believed to have been at least partly involved in the intrusion, echoing a similar 2020 hack of court systems. Wyden, a senior member on the Senate Intelligence Committee, argued that the federal judiciary's current approach to information technology poses a severe threat to national security.

"The federal judiciary's current approach to information technology is a severe threat to our national security," Wyden wrote. "Yet, you continue to refuse to require the federal courts to meet mandatory cybersecurity requirements and allow them to routinely ignore basic cybersecurity best practices."

Wyden requested that the high court commission the National Academy of Sciences to review the latest incident and the 2020 hack. He emphasized that the current approach has allowed problems in the judiciary's approach to cybersecurity to "fester for decades" due to lack of transparency and oversight.

"These serious problems in the judiciary's approach to cybersecurity have been able to fester for decades because the judiciary covers up its own negligence, has no inspector general, and repeatedly stonewalls congressional oversight. This status quo cannot continue," he wrote.

The Supreme Court did not immediately respond to a request for comment on Wyden's letter. However, court systems have become increasingly vulnerable targets for nation-state hackers and cybercriminals due to the sensitive nature of the legal records, classified filings, and personal data housed within them.

Disrupting court operations could potentially delay proceedings or provide strategic advantages to foreign adversaries. Moreover, many courts operate on outdated or under-resourced IT infrastructure, making them even more susceptible to attacks.

The front-end access tool for the affected case filing management system, known as PACER, began as a dial-up service in the late 1980s and transitioned to a full internet-facing platform throughout the 1990s. Only recently, in May, did the U.S. court system's administrative office announce plans to implement multifactor authentication on PACER access systems.

Since the recent hacking incident, multiple district courts have directed filers not to submit sealed documents due to concerns that security measures around such documents may be compromised. Court of Appeals Judge Michael Y. Scudder, who chairs the Judicial Conference's IT Committee, warned last September of cybersecurity threats to the Judiciary and outlined steps being taken to address them.

In June, he told a House Judiciary subcommittee that the branch is continuing efforts to modernize its IT systems as more advanced cyber threats mount. Wyden's letter serves as a call to action for the nation's top court system to prioritize cybersecurity and take concrete steps to protect sensitive information from falling into the wrong hands.