The Daily Caller logo
Investigative Group

Congressmen Repeatedly Failed To Supervise IT Aides With ‘Keys To The Kingdom,’ Officials Say

Network cables are plugged in a server room on November 10, 2014 in New York City. U.S. President Barack Obama called on the Federal Communications Commission to implement a strict policy of net neutrality and to oppose content providers in restricting bandwith to customers. Michael Bocchieri/Getty Images. | Hearing Details Congress' Cyber Failures

Michael Bocchieri/Getty Images

Daily Caller News Foundation logo
Luke Rosiak Investigative Reporter
Font Size:

Only one IT aide currently working directly for members of Congress has ever completed a background check, members’ data have been improperly mixed with other members’ data, and members provided almost no supervision, officials revealed Thursday in a House hearing spurred by “egregious” violations by former IT aide Imran Awan.

Members of Congress threw “$10 million” in additional funding to the [chief administrative officer (CAO)] in order to enhance their cybersecurity program” in June 2017. The move followed repeated cybersecurity threats against members of Congress, including the detection of what an IG report called “unauthorized access” by Awan. They also had the CAO and others propose how best to clamp down on vulnerabilities. But the CAO revealed Thursday that members blocked the resulting proposal, which called for eliminating Awan’s job category, that of a floating IT aide accountable only to members.

System administrators like Awan “hold the ‘keys to the kingdom,’ meaning they can create accounts, grant access, view, download, update, or delete almost any electronic information within an office,” Inspector General Michael Ptasienski said at the House hearing.

“A rogue system administrator could inflict considerable damage to an office and potentially disclose sensitive information, perform unauthorized updates, or simply export or delete files,” he continued. “A rogue system administrator could take steps to cover up his/her actions and limit the possibility that their behavior being detected or otherwise traced back to them.”

House Chief Administrative Officer Phil Kiko testified that experts found “two dozen” problems with the way the House managed cybersecurity. “Enforcement gaps range from improper vetting of the employees themselves, to unfettered access to House accounts and use of non-approved software and/or cloud services, to the use of unauthorized equipment … far too many have privileged access to the House network with little to no supervision,” he said.

The inspector general included revelations about members of Congress giving people not on their staff full access to their data, arrangements that let people secure federal benefits while otherwise acting like private contractors, and massive noncompliance rates despite the inspector general had raised issues about IT aides to the Committee on House Administration in both 2009 and 2012.

After detecting earlier vulnerabilities with IT and bookkeeping employees, Congress’s solution was to require the employees sign a form saying they agreed to follow rules. But not only did alleged rule-breaking continue (including stealing and subletting their jobs to others), 45 percent of the employees never signed the form, with “no apparent ramification,” the CAO said.

“The public is rightfully very upset about how this was handled in the past, and that this egregious example that’s now being criminally investigated was allowed to occur,” Virginia Republican Rep. Barbara Comstock, a Republican, said.

“We just can’t have this ever happen again,” said Gregg Harper, the Republican chairman of the Committee on House Administration.

CAO Kiko, IG Ptasienski and Sergeant-at-Arms Paul Irving all recommended abolishing the job of “shared employees” like Awan, and they repeatedly referenced members refusing to discipline IT aides who break rules.

Despite frequently condemning hacks, members refused the proposal, citing their desire for autonomy, multiple officials said at the hearing.

The officials didn’t specify which members opposed the proposal to reduce vulnerabilities to hacking, though many Republicans use contractors rather than “shared employees.” The primary advantage shared employees have over contractors is federal job benefits. All of the Awans’ 44 employers were Democrats.

The CAO said that a “working group” comprised of the House’s cybersecurity experts and law enforcement concluded that it was “impossible” to fix the vulnerabilities of employees like Awan because a lack of oversight was inherent in the structure where he was working for numerous different members impacted efficient systems of accountability.

“When risks and/or noncompliance with House policies have been identified,” he said, “corrective actions by House officers is greatly delayed by the required coordination with shared employees’ multiple employing authorities.”

“It is impossible to eliminate the vulnerabilities posed by the use of shared employees without making significant changes to the employment structure itself. … Replacing the shared employee management structure with an independent contractor arrangement would provide the CAO with the required authority to enforce compliance,” he said.

The proposal was nonetheless blocked because “Members expressed a strong desire to keep shared employees on as House employees instead of contract employees.”

Irving said the congressmen’s desires were at odds with the interest of the United States. “Ultimately it is the balance between the member interest and the governmental interest,” he said.

As a result, the group of experts tasked with finding a solution to IT vulnerabilities were forced to dial back their proposal. “Members would be able to hire who they wanted but as part of those employees performance standards maybe there could be something in there that said they had to comply with House policies, and then if they wouldn’t, we could deny access or tell the member about it, or elevate it the committee, and I think that’s how you could have it both ways,” CAO Kiko said.

“I would also encourage all House offices to require strict adherence to the established standards as a condition of employment,” Sergeant at Arms Paul Irving said.

“For the proposed standards to be effective, it would be imperative that House offices that employ or would like to employ a shared employee require adherence to the established standards as a strict condition of employment,” Kiko added.

Debbie Wasserman Schultz refused to fire Awan despite the inspector general’s allegation that he made “unauthorized access” to House data. After the IG made his claims public, the server that the IG said contained evidence was physically stolen, according to three senior government officials.

Wasserman Schultz kept paying Awan as her IT professional after House authorities banned him from the network. She claimed Awan didn’t need to connect to the internet to do the job. Capitol Police later found that Awan took a laptop belonging to her office and left it in a phone booth, where it was discovered late at night. The username was RepDWS. She still didn’t fire him.

“Termination, now it’s the member’s responsibility. … We can revoke everything but they could still be employed,” the CAO said. He added that his office should have the authority to override members who would want to keep a rule-breaker on the government network.

“At the end of the day you have to make sure you protect the House of Representatives, even if that upsets someone,” Harper said.

The inspector general confirmed The Daily Caller News Foundation’s story that all members exempted Awan and his relatives from background checks, missing a slew of red flags. All 44 of the Democrats who employed him had ignored TheDCNF’s request for comment on that story. “As of September 2016, however, we were only able to identify one instance where a shared employee had a background check performed by the House,” the inspector general said.

“House officers cannot compel background checks or compliance with applicable House policies,” the CAO said.

A Republican official close to the investigation has said that Democrats who employed Awan are refusing to assist in his prosecution. No one has been charged more than a year after server logs showed “unauthorized access” and computers containing evidence physically disappeared. The apparent reluctance by members to disciplining bad IT aides, and even to avoid tightening the rules, appeared to parallel the dynamic in the criminal case — and is especially odd considering Democrats’ frequent lamentations about cybersecurity in the context of the 2016 election.

GOP Georgia Rep. Barry Loudermilk highlighted that IT aides could expose constituent information and face no consequences because of the policy’s toothlessness. “Especially if they disclose information we have on constituents or information we’re working on… Does [the policy] spell out what penalties there are, i.e. you can go to jail?” Loudermilk asked.

“There aren’t any penalties,” the CAO replied.

CAO Kiko described “egregious” behavior by Awan, saying “CAO’s Office of Acquisition Management detected and flagged unusual invoices originating from five shared employees who served more than 30 House offices. The invoices, as submitted, were structured in a way to avoid the House’s $500 equipment accountability threshold. Upon further investigation into the five shared employees’ activities, the House IG discovered evidence of procurement fraud and irregularities, numerous violations of House security policies, and violations of the Committee’s Shared Employee Manual, etc.”

He did not elaborate on those violations.

“The bookend to the outside threat is the insider threat. Tremendous efforts are dedicated to protecting the House against these outside threats, however these efforts are undermined when these employees do not adhere to and thumb their nose at our information security policy, and that’s a risk in my opinion we cannot afford,” CAO Kiko said.

Chairman Harper said, “While I will not discuss details of an ongoing criminal investigation, our goal is to make sure that we secure the House for the future so that nothing like that happens again.”

The Awans filed ethics forms that failed to disclose their full finances, including an LLC with ties to an Iraqi government minister. The hearing noted that numerous other aides failed to file the forms without anyone noticing.

CAO Kiko noted that some IT employees wrongfully “perform work offsite without approved telecommuting arrangements” without the members stopping them. That includes logging in from Pakistan, Republican Rep. Louie Gohmert alleged to “Fox & Friends.”

Editor’s Note:

The Daily Caller, Inc., the Daily Caller News Foundation, and Luke Rosiak have settled a defamation lawsuit brought by Imran Awan, Abid Awan, Jamal Awan, Tina Alvi, and Rao Abbas (“the Plaintiffs”), in the D.C. Superior Court, Awan et al. v. The Daily Caller, Inc. et al., No. 2020 CA 000652 B (D.C. Super.) (“The Lawsuit”).
 
The Plaintiffs filed the Lawsuit in 2020, alleging that they were defamed by statements made by The Daily Caller entities and Mr. Rosiak, including statements in Obstruction of Justice, a 2019 book authored by Mr. Rosiak and published by Regnery Publishing, a business of Salem Media Group, Inc., about the Plaintiffs’ work for the U.S. House of Representatives. In response, The Daily Caller entities and Mr. Rosiak each denied liability and contested the Plaintiffs’ claims. 
 
None of the Defendants has admitted to any fault as part of this settlement. Nevertheless, The Daily Caller entities and Mr. Rosiak recognize that no charges have ever been filed against the Plaintiffs relating to their congressional IT work.

Follow Luke on Twitter. Send tips to luke@dailycallernewsfoundation.org. PGP key.

All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.

PREMIUM ARTICLE: Subscribe To Keep Reading
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!

Sign up

By subscribing you agree to our Terms of Use

 You're signed up!
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!

Sign up

By subscribing you agree to our Terms of Use

You're signed up!
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!

Sign Up

By subscribing you agree to our Terms of Use

 You're signed up!
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!
Sign up

By subscribing you agree to our Terms of Use

You're signed up!
BENEFITS READERS PASS PATRIOTS FOUNDERS
Daily and Breaking Newsletters
Daily Caller Shows
Ad Free Experience
Exclusive Articles
Custom Newsletters
Editor Daily Rundown
Behind The Scenes Coverage
Award Winning Documentaries
Patriot War Room
Patriot Live Chat
Exclusive Events
Gold Membership Card
Tucker Mug

What does Founders Club include?

Tucker Mug and Membership Card
Founders

Readers,

Instead of sucking up to the political and corporate powers that dominate America, The Daily Caller is fighting for you — our readers. We humbly ask you to consider joining us in this fight.

Now that millions of readers are rejecting the increasingly biased and even corrupt corporate media and joining us daily, there are powerful forces lined up to stop us: the old guard of the news media hopes to marginalize us; the big corporate ad agencies want to deprive us of revenue and put us out of business; senators threaten to have our reporters arrested for asking simple questions; the big tech platforms want to limit our ability to communicate with you; and the political party establishments feel threatened by our independence.

We don't complain -- we can't stand complainers -- but we do call it how we see it. We have a fight on our hands, and it's intense. We need your help to smash through the big tech, big media and big government blockade.

We're the insurgent outsiders for a reason: our deep-dive investigations hold the powerful to account. Our original videos undermine their narratives on a daily basis. Even our insistence on having fun infuriates them -- because we won’t bend the knee to political correctness.

One reason we stand apart is because we are not afraid to say we love America. We love her with every fiber of our being, and we think she's worth saving from today’s craziness.

Help us save her.

A second reason we stand out is the sheer number of honest responsible reporters we have helped train. We have trained so many solid reporters that they now hold prominent positions at publications across the political spectrum. Hear a rare reasonable voice at a place like CNN? There’s a good chance they were trained at Daily Caller. Same goes for the numerous Daily Caller alumni dominating the news coverage at outlets such as Fox News, Newsmax, Daily Wire and many others.

Simply put, America needs solid reporters fighting to tell the truth or we will never have honest elections or a fair system. We are working tirelessly to make that happen and we are making a difference.

Since 2010, The Daily Caller has grown immensely. We're in the halls of Congress. We're in the Oval Office. And we're in up to 20 million homes every single month. That's 20 million Americans like you who are impossible to ignore.

We can overcome the forces lined up against all of us. This is an important mission but we can’t do it unless you — the everyday Americans forgotten by the establishment — have our back.

Please consider becoming a Daily Caller Patriot today, and help us keep doing work that holds politicians, corporations and other leaders accountable. Help us thumb our noses at political correctness. Help us train a new generation of news reporters who will actually tell the truth. And help us remind Americans everywhere that there are millions of us who remain clear-eyed about our country's greatness.

In return for membership, Daily Caller Patriots will be able to read The Daily Caller without any of the ads that we have long used to support our mission. We know the ads drive you crazy. They drive us crazy too. But we need revenue to keep the fight going. If you join us, we will cut out the ads for you and put every Lincoln-headed cent we earn into amplifying our voice, training even more solid reporters, and giving you the ad-free experience and lightning fast website you deserve.

Patriots will also be eligible for Patriots Only content, newsletters, chats and live events with our reporters and editors. It's simple: welcome us into your lives, and we'll welcome you into ours.

We can save America together.

Become a Daily Caller Patriot today.

Signature

Neil Patel