The US Federal Election Commission has officially voted to allow members of Congress to use their campaign funds on cybersecurity protection.

The ruling means that senators and House reps will be able to purchase things like anti-malware subscriptions, two-factor authentication tokens and secure home routers with leftover campaign money after they take office.

The commission on Thursday voted to approve the draft document (PDF) putting the ruling on paper.

"Yes, you may use campaign funds to pay for cybersecurity protection for your personal devices and accounts," the FEC said.

"Such expenses fall within the uses defined as permissible under the Act: ordinary and necessary expenses incurred in connection with the duties of the individual as a holder of federal office."

This after Sen. Ron Wyden (D-OR) wrote in (PDF) to the commission earlier this year seeking clarification on whether it was legal for him to use his campaign's surplus money to make sure he and his staff were secure from outside attackers.

Congressman called out for $1,300 video game binge READ MORE

"Effectively defending against these threats imposes prohibitive costs and should not be the sole personal financial responsibility of members," Wyden argued.

The ruling comes ahead of a huge turnover from the 2018 mid-term elections. When the new Congress is sworn in next month, 100 freshmen Reps and 10 Senators will be taking office for their first terms in DC.

While the ruling will create more money to spend on security, experts argue that much more should be done to protect staff from targeted attacks on their accounts and devices.

"The ruling by the FEC allowing leftover campaign funds to purchase additional cybersecurity detection and protection has kept the conversation about election protection going," Obsidian Security CTO Ben Johnson said.

"We need to ask whether cybersecurity should have to rely on unpredictable leftover funds or if it should be a key component to candidates’ campaign machinery." ®