Library of Congress wracked by DNS attack

Sites hosted by the Library of Congress, including Congress.gov, have been down intermittently since a July 17 attack.

Shutterstock image: Library of Congress interior.

The Library of Congress was the target of a denial-of-service attack that has knocked out Congress.gov and the U.S. Copyright Office website, and caused outages at other sites hosted by the library.

Library spokesperson Gayle Osterberg told FCW that the DNS attack was launched July 17 and continues to affect library operations, including internal websites and employee email.

"The Library is working to maintain access to its online services while ensuring security," Osterberg said.

There was no information on the source of the attack, which comes just a few days after Carla Hayden was confirmed by the Senate as the Librarian of Congress. In an April confirmation hearing, Hayden pledged to modernize library systems.

Cybersecurity at the Library has come under fire from watchdogs before. The Government Accountability Office issued a limited distribution report in June 2015 identifying a host of technical weaknesses in the Library's information security posture, along with 74 suggestions for remediation. GAO identified weaknesses in patch management, boundary protection, configuration management and other areas. The report is not public, but was mentioned in a footnote in Dec. 2015 testimony from a GAO IT specialist.

Library CIO Bernard A. Barton, who took over the top tech job in September 2015, said that implementing fixes to aging IT systems and problems identified by the GAO would be a big part of his job.