Senators’ examination of Russian efforts to undermine democracies took a turn that hit close to home on Wednesday, when witnesses openly speculated to the Judiciary Subcommittee on Crime and Terrorism that Congress itself was likely the victim of nefarious hacking.

When Sen. Ben Sasse, R-Neb., asked experts testifying about the likelihood of such an incursion, former Estonian President Toomas Hendrik Ilves offered it was “almost certain” congressional IT systems have been infiltrated by Russia’s security services, particularly if two-factor security is not deployed.

Ben Buchanan, a fellow at the cyber security project at Harvardf’s Belfer Center for Science and International Affairs, went a step further than Ilves, suggesting intruders may be operating inside the network.

“I think that I’d be very concerned. If you put me in charge of congressional IT tomorrow, I would not spend my first action looking outward. I would look inward,” Buchanan said. “But that is true of any high-priority network at this point. Find the intruders who are already inside.”

Calls to legislative branch offices with responsibility for IT operations in the Capitol did not yield any guidance.