The huge invasion of Congressional offices by Trump supporters Wednesday has created tremendous cybersecurity risks, which likely means IT systems will have to be thrown out, experts say.
Twitter was quickly full of comments by IT professionals Wednesday as images of rioters filled TV screens, including one sitting behind the desk of House Speaker Nancy Pelosi. “Every computer, every piece of data in the Capitol should now be considered compromised. In terms of national security,” tweeted one tech worker. “We are weaker as a nation than we were two hours ago.”
Another wrote, “My heart goes out to the unsung IT heroes at the Capitol tonight. My guess is they’ve never had to run asset inventory IR (incident response) before – a daunting, stressful task in a tabletop exercise – and they’re running one (prob w/o a playbook) following a full-on assault of the Capitol.”
The federal government “should assume the worst and should be conducting a full investigation,” says Jon Oltsik, senior principal analyst who focuses on cybersecurity. “This would involve reviewing all security footage to see where the rioters went and reviewing the status of all systems at the Capitol during the time of the insurrection. I imagine IT can review log files, EDR tools, and logs to see if any systems were active during that timeframe.
“While it’s unlikely that the rioters installed malware on these systems, the security team should fully investigate this. All systems containing sensitive/classified data should be immediately identified and inspected. IT should report on stolen systems immediately, triggering forensic investigations and alerting intelligence agencies to monitor for any ‘chatter’ regarding the content of these systems.”
Protestors or people using the demonstrators as cover should be assumed to have compromised computers and even physical documents, say experts interviewed by BankingSecurity.com.
“Any malicious actor can walk in there with the others with a thumb drive and access a computer. Every system in there will have to be checked,” warned Frank Downs, a former U.S. National Security Agency offensive threat analyst and now director of proactive services at the security firm BlueVoyant.
Mike Hamilton, a former Department of Homeland Security analyst and now CISO with security firm CI Security, was also quoted as saying the protests provided an open door for threat actors.
“This is a really great time for another country to exercise access they may have that may be dormant and waiting for an opportunity like this – for example, Senate and House communication systems,” he said. “It’s not like people aren’t monitoring, but their gaze is definitely averted right now.”
(This story has been updated from the original with comments from Jon Oltsik)