In February, a company that monitors P2P networks said that it had found blueprints and avionics data for the president's helicopter, Marine One, on a computer in Tehran. An investigation later found that a third-party defense contractor with access to that data was using a computer that also had P2P file sharing software on its hard drive.
Peer-to-peer file sharing lets people transmit data over a network without the need for a central server. Peer-to-peer, or P2P as it's more generally known, first earned wide public attention in the late 1990s with the emergence of Napster and the practice of illegal file sharing of music over the Internet.
In this case, the breach occurred because a junior staffer saved the document on her home PC, which reportedly also had Gnutella file sharing software. One congressional source familiar with the inquiry says that she saved the document on her home PC but failed to realize the folder could be shared with other users on the P2P network.
Following Lofgren's announcement, she and Bonner issued a brief statement that underscored the depth of the challenge Congress may face keeping its secrets under wraps in the future. "No matter how robust our cybersecurity systems are, they remain subject to individual error."
Lofgren, who represents Silicon Valley, knows this stuff and she's quite right to note how hard it is to maintain a failsafe system. Even in the corporate world, where billions of dollars are spent on security software, everything comes to naught if a single employee ignores a best-practices memo and simply spaces out, which often happens.
"The problem is that whatever your policies are, human errors will always be your Trojan Horse," said a Congressional source. "You're talking about human error."
Which is why we'll likely be writing more stories like this in the future.
It's unclear who would be in charge of setting up best practices for the House of Representatives. Vivek Kundra is the Federal Chief Information Officer. But because the federal CIO is in the executive branch, he has no jurisdiction or responsibility for legislative branch information technology policies or management. (If you have any idea, send me an email at firstname.lastname@example.org.)