RIOT EXPOSED CAPITOL'S IT VULNERABILITIES

Devices were stolen from members' offices. Were networks penetrated as well?



A rioting mob Wednesday breached the Capitol Building, destroying, looting and compromising the integrity of the electoral process. But the attack also laid bare the insecurity of the legislative branch’s IT systems, including computers left running and exposed and reports of devices stolen from members’ offices.

Wednesday’s attack on the Capitol requires far more important conversations about the security of our nation and democracy than it does about the IT devices and data housed within. But information security and cybersecurity are not minor concerns—as seen in two major months-long espionage campaigns backed by China and Russia in the last five years—and they have significant implications for national security.

After successfully breaching the Capitol Building, hundreds, if not thousands, of Trump supporters wove their way through the labyrinth of hallways, searching rooms, breaking into members’ offices and committee chambers. As of Thursday afternoon, there was no public evidence and there were no statements that rioters had gained access to the most secure parts of the Capitol: the sensitive compartmented information facilities, or SCIFs.

However, at least one member of Congress reported the theft of a laptop from his office.

Sen. Jeff Merkley, D-Ore., recorded video of his destroyed office in the aftermath of the attack. Merkley said his office door was unlocked, though the attacker chose to break the door off its hinges nonetheless.

“They stole the laptop that was sitting on the table next to the telephone,” he says in the video.

“So, count this office trashed,” he added.

And at least one photo emerged on social media—later deleted, though Nextgov obtained a screenshot—of a desktop computer left on and unsecured in the office of House Speaker Nancy Pelosi. Rioters could see open emails and an alert from Capitol police warning of the ongoing siege.

“The breach is clearly alarming on many levels, starting with the physical violence,” Dan Lips, director of cyber and national security at Lincoln Network, told Nextgov. “It’s problematic that the intruders apparently had access to offices in the Capitol building. An intruder could have gained physical access to a machine, inserted a jump drive to compromise a machine. Devices could have been stolen and so forth. While the immediate focus is on clearing the buildings and making sure there are no physical security risks, the sergeant at arms offices will need to investigate and remediate these potential risks.”

Lips noted that the amount of available—and reliable—information about what happened Wednesday is limited, though the trail of destruction was clearly visible.

“It’s also possible that an adversary might take advantage of the opportunity to join the protestors,” he said. “I expect that offices and the [Senate Sergeant at Arms] offices will be doing after-action reviews. That should include an assessment of potential technology impacts.”

While the risk is low that truly sensitive information leaked, it is not nonexistent, Lips said.

“Leadership offices located in the Capitol would presumably have sensitive internal communications that adversaries would like to access,” he said. “Even if they were just accessing internal emails and memos, such information could provide insight into the inner workings of the U.S. Congress.”

There are some simple security measures members could have taken to limit some of the compromise, according to Jamil Jaffer, founder and executive director of the National Security Institute at George Mason University and former counsel for the House Intelligence Committee and Senate Foreign Relations Committee. In reference to pictures on social media of unlocked computers—including one of a desktop in House Speaker Nancy Pelosi’s office showing open email messages and a flash alert warning members of the ongoing siege—Jaffer suggested a two-minute lock policy would have been an easy solution.

“I get it: If you have to run out because it’s an emergency and people are storming the building with guns, you have to leave ASAP,” he said. “But your computer should automatically lock two minutes after that.”

To see the original article: https://www.defenseone.com/threats/2021/01/capitol-riot-opens-congress-potential-it-compromise/171268/