Estimated reading time: 2 minutes, 12 seconds

How Bad Was the Capitol Riot for Cybersecurity? Featured

While the mob that stormed the U.S. Capitol on January 6 raised cybersecurity concerns, the pro-Trump rioters probably do not pose a grave threat to the nation’s information security, according to industry experts.

revolution 30590 640There was no sign that any of the protesters had technology skills or planned to install malware on congressional devices, said Suzanne Spaulding, an advisor to Nozomi Networks and former undersecretary for the Department of Homeland Security. “From an IT perspective, when I look at the events of what happened [that day] and all of the incredible implications… the IT cybersecurity concerns are not the highest on my list,” Spaulding told the Los Angeles Times.

To be sure, as acting U.S. Attorney for D.C. Michael Sherwin announced, “Electronic items were stolen from senators’ offices,” with potential ramifications for what he described as “national security equities.” Insurrectionists made off with at least two computers, including devices belonging to House Speaker Nancy Pelosi (D-Calif.) and Sen. Jeff Merkley (D-Ore.). And as Slate notes, cybersecurity protocols in Congress are not necessarily as stringent as for the executive branch.

Still, as TechCrunch reports, classified information in congressional computers is stored in separate “sensitive compartmented information facilities,” or SCIFs, in locked-down sections of the building. There has not yet been a sign that any SCIFs were breached. What’s more, most staffers, like other people nationwide who are able, have been working remotely.

Andrew McLaughlin, who served as the deputy chief technology officer of the United States during the Obama administration, told Slate that while the worst-case scenario would be someone using USB drives to infect congressional computers with malware, that’s highly improbable. After all, USB drives are supposed to be disabled on those computers.

In the end, although the likely jeopardy to U.S. cybersecurity from the incident doesn’t seem great, congressional IT staffers will have their work cut out for them cleaning up after the incident. Kiersten Todt, managing director of the Cyber Readiness Institute, told CNN she’d hope “that the congressional IT division was on top of things and taking inventory across all offices, checking to see which devices were accounted for, and which were not, and were able to wipe those devices clean immediately.”

A note of warning remains. “Regardless of how much they want to downplay this, the laptop has to have at least access that could be leveraged,” Brandon Hoffman, the chief information security officer at IT security provider Netenrich, told The Guardian. “It’s highly unlikely that this laptop was sitting there with no files, or file access, or any other useful information to somebody looking for leverage or retribution.”

Read 1768 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.