Lessons Learned from the Capitol Breach: Immediate Next Steps

  • By Peter Kelley
  • Jan 21, 2021

Much of the U.S. Capital’s cybersecurity infrastructure must now be considered suspect, given the recent attack, and possible physical and cyber breach of systems, networks and devices.

“Given the potential for highly sensitive information to be on the equipment used by members of the House and Senate, the best course with any device that may have been compromised is to rebuild it from a bare system, restoring needed data from backup,” said Saryu Nayyar, the CEO of Gurucul.

“If there was any chance for a third party to have gotten physical access to the device, it must be assumed that the device has been compromised and some form of malware has been installed.

“Essentially, these intruders may have accessed any types of information and systems. If any of the people who stormed the Capitol gained physical access to a system, there is a very real possibility that it has been compromised. It could be anything from IoT devices to desktops, laptops, tablets, or phones. While there is no specific evidence released to the public that any of the intruders had the required skills, it is logical to assume that at least a few of them did and to act accordingly.”

Moreover, it is naïve to assume that the attackers themselves were the sole threats to The Capital’s IT infrastructure during the attack.

“Watching the mob marauding thru the Capitol had me thinking of how a few foreign agents with malicious intent could mix in with the mob and do significant damage,” said David J. Perez CEO at Shared Assessments. “Digital listening devices and malware could have been installed on computers or phones. In fact, there was a cell phone on the desk in the photo of the man in Nancy Pelosi’s office. This was a serious national security breach particularly on the heels of the reporting of the massive cyber breach. The Russians won’t be distracted by this chaos, they will use it to their advantage.”

“This event was an example of the ‘Big Unknown.’ The only thing we can predict in cybersecurity is that we often won’t know what happens next,” said Chloé Messdaghi, chief strategist at Point3 Security.

“When someone has physical access to your computer, it’s over in terms of device security. What we do on and with our own devices in our own offices day to day has greater impact than we know,” she said.

“There’s zero excuse for an unlocked computer – in either the public or private sectors. This is a huge situation because some staffers definitely had unlocked computers and at least one that we know of was stolen. This potentially gave these intruders physical access to really sensitive materials.”

Immediate Next Steps
Undoubtedly, analysis to identify all potentially exposed data and systems is underway, and IT and cybersecurity teams are working on restoration, rebuilding and mitigation.

“Inventory Incident Response (IR) needs to be run, and the networks are probably going to have to be rebuilt. Every computer needs to be wiped and every device such as fax and copy machines must be inspected before going back on the net,” Messdaghi said.

"In terms of the kind of protocols that are likely in place to bolster security and ensure no one gets into systems under such a future event, then at the very least, there should be multi-factor authentication,” Nayyar said. “The government has had this technology in place for many years, and it is almost certainly in use at the Capitol. Secure systems are kept in areas that restrict physical access, which makes compromising them much more difficult.”

This advice translates to corporations and organizations of all types.

“Plan to avoid a cyber incident provoked by a physical intrusion, whether from a physical assault on a facility or through the theft of a laptop or other device,” Nayyar said. “Software designed to detect unusual access on endpoints should be in place, and a behavior analytics platform can quickly identify unusual activity on the network or connected hosts.”

Messdaghi recommends that all staff have enabled disk encryption, and device passwords that are complex, frequently changed, and non-intuitive.

“We won’t yet know if anyone did anything with cyber resources but this shows why we can take zero chances. Both foreign and domestic terrorists are in search of anything they can purloin.”

She sees the appointment of Anne Neuberger to a newly created cybersecurity role on the National Security Council as welcome news. Neuberger has served as the NSA’s director of cybersecurity since 2019 and has been with the Agency for more than a decade.

“She’ll undoubtedly incorporate the Capital events into her planning. Her background also includes policy and civil liberties, and is exactly what we need at this time,” Messdaghi said.

Featured

  • Meeting Modern Demands

    Door hardware and access control continue to be at the forefront of innovation within the security industry, continuously evolving to meet the dynamic needs of commercial spaces. Read Now

  • Leveraging IoT and Open Platform VMS for a Connected Future

    The evolution of urban environments is being reshaped by the convergence of Internet of Things (IoT) technology and open platform VMS. As cities worldwide grapple with growing populations and increasing operational complexities, these integrated technologies are emerging as powerful tools for creating more livable, efficient, and secure urban spaces. Read Now

  • Securing the Future

    Two security experts sit down with Security Today’s editor in chief Ralph C. Jensen to discuss what they see emerging and changing over the next several years along with how security stakeholders can harness these innovations into opportunities. Read Now

  • Collaboration Made Easy Using a Work Management Platform

    Effective collaboration between security operators, teams and other departments is critical to the smooth functioning of organizations. Yet, as organizations grow in complexity, it becomes more difficult for teams to coordinate with each other. This is compounded by staffing shortages, turnover and ineffective collaboration tools. Read Now

  • Creating a Safer World

    Managing and supporting locks and door hardware within a facility is a big responsibility. A building’s security needs to change over time as occupancy and use demands evolve, which can make it even more challenging. Read Now

Most   Popular

New Products

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.