In the aftermath of destructive riots that trashed the United States Capitol on Wednesday, the nation is grappling with questions about the stability and trajectory of US democracy. But inside the Capitol building itself, the congressional support staff is dealing with more immediate logistics, like cleanup and repairs. A crucial part of that: the process of securing the offices and digital systems after hundreds of people had unprecedented access to them.
Allowing physical access to a location can have serious cybersecurity ramifications. Rioters could have bugged congressional offices, exfiltrated data from unlocked computers, or installed malware on exposed devices. In the rush to evacuate the Capitol, some computers were left unlocked and remained accessible by the time rioters arrived. And at least some equipment was stolen; Senator Jeff Merkley of Oregon said in a video late Wednesday that intruders took one of his office’s laptops off a conference table.
“You have to step back and realize that foreign intelligence could have looked at this and said, ‘Yeah, this is going to be an opportunity,’” says Williams, founder of Rendition Infosec. “I don’t think every office that was entered everything needs to be burned to the ground, but you need to be acknowledging that there’s real intelligence value in learning legislators’ intentions and plans on policy. This security breach is a big deal.”
“One thing I can guarantee you is that in Tehran, in Moscow, in Beijing folks are sitting in meetings right now thinking how can we take advantage of this?” says Kelvin Coleman, executive director of the National Cyber Security Alliance, who formerly worked in the Department of Homeland Security and National Security Council.