IT cleanup at U.S. Capitol presents massive challenge
Besides the exposure of congressional information, the breach of the Capitol presented an opportunity for adversaries to install malware on IT equipment, bug offices and exfiltrate data.
Federal IT staff have a massive job ahead of them cleaning up after the rioters who broke into the U.S. Capitol building, some of whom rifled through lawmakers’ offices.
While improving physical security for the building and for lawmakers and staff who work there is the first priority, experts have said the rioters’ unprecedented access to offices, files and computers can have serious cybersecurity ramifications.
In some instances, IT equipment was stolen. Sen. Jeff Merkley (D-Ore.) said a laptop was taken off a conference table in his office, and House Speaker Nancy Pelosi’s (D-Calif.) staff also reported the theft of a laptop. A desktop in Pelosi’s office that was left on and unsecured allowed the rioters to read the staffer’s email and take photos of the PC’s screen.
Fortunately, each lawmaker’s office runs its own IT systems even as each chamber of Congress shares an IT framework, according to an article in Wired. The resulting segmentation and decentralization prevent a breach in one office from spreading across Congress. On the other hand, “there aren't necessarily standardized authentication and monitoring schemes in place,” former Senate Sergeant at Arms Frank Larkin told the news site.
While laptops can be wiped, passwords reset and access logs monitored, the fact that intruders roamed freely through congressional offices complicates cybersecurity going forward.
Even though the data on staff computers would not have been classified, adversaries could still piece together intelligence from information exposed or stolen from members’ offices. The break-in also presented an opportunity to adversaries who may have been among the rioters to install malware on IT equipment, bug offices and exfiltrate data.
“I don’t think every office that was entered everything needs to be burned to the ground, but you need to be acknowledging that there’s real intelligence value in learning legislators’ intentions and plans on policy,” Jake Williams, founder of Rendition Infosec and a former National Security Agency hacker, told Wired. “This security breach is a big deal.”
“Anytime there’s a physical breach of a space, I automatically assume it was a digital compromise as well,” Kelvin Coleman, executive director of the National Cyber Security Alliance, who formerly worked in the Department of Homeland Security and National Security Council, said. “This is just a bad, bad storm that we find ourselves in, and cybersecurity is absolutely included in that.”