Lessons Learned from the Capitol Breach: Immediate Next Steps

Much of the U.S. Capital’s cybersecurity infrastructure must now be considered suspect, given the recent attack, and possible physical and cyber breach of systems, networks and devices.

“Given the potential for highly sensitive information to be on the equipment used by members of the House and Senate, the best course with any device that may have been compromised is to rebuild it from a bare system, restoring needed data from backup,” said Saryu Nayyar, the CEO of Gurucul.

“If there was any chance for a third party to have gotten physical access to the device, it must be assumed that the device has been compromised and some form of malware has been installed.

“Essentially, these intruders may have accessed any types of information and systems. If any of the people who stormed the Capitol gained physical access to a system, there is a very real possibility that it has been compromised. It could be anything from IoT devices to desktops, laptops, tablets, or phones. While there is no specific evidence released to the public that any of the intruders had the required skills, it is logical to assume that at least a few of them did and to act accordingly.”

Moreover, it is naïve to assume that the attackers themselves were the sole threats to The Capital’s IT infrastructure during the attack.

“Watching the mob marauding thru the Capitol had me thinking of how a few foreign agents with malicious intent could mix in with the mob and do significant damage,” said David J. Perez CEO at Shared Assessments. “Digital listening devices and malware could have been installed on computers or phones. In fact, there was a cell phone on the desk in the photo of the man in Nancy Pelosi’s office. This was a serious national security breach particularly on the heels of the reporting of the massive cyber breach. The Russians won’t be distracted by this chaos, they will use it to their advantage.”

“This event was an example of the ‘Big Unknown.’ The only thing we can predict in cybersecurity is that we often won’t know what happens next,” said Chloé Messdaghi, chief strategist at Point3 Security.

“When someone has physical access to your computer, it’s over in terms of device security. What we do on and with our own devices in our own offices day to day has greater impact than we know,” she said.

“There’s zero excuse for an unlocked computer – in either the public or private sectors. This is a huge situation because some staffers definitely had unlocked computers and at least one that we know of was stolen. This potentially gave these intruders physical access to really sensitive materials.”

Immediate Next Steps
Undoubtedly, analysis to identify all potentially exposed data and systems is underway, and IT and cybersecurity teams are working on restoration, rebuilding and mitigation.

“Inventory Incident Response (IR) needs to be run, and the networks are probably going to have to be rebuilt. Every computer needs to be wiped and every device such as fax and copy machines must be inspected before going back on the net,” Messdaghi said.

"In terms of the kind of protocols that are likely in place to bolster security and ensure no one gets into systems under such a future event, then at the very least, there should be multi-factor authentication,” Nayyar said. “The government has had this technology in place for many years, and it is almost certainly in use at the Capitol. Secure systems are kept in areas that restrict physical access, which makes compromising them much more difficult.”

This advice translates to corporations and organizations of all types.

“Plan to avoid a cyber incident provoked by a physical intrusion, whether from a physical assault on a facility or through the theft of a laptop or other device,” Nayyar said. “Software designed to detect unusual access on endpoints should be in place, and a behavior analytics platform can quickly identify unusual activity on the network or connected hosts.”

Messdaghi recommends that all staff have enabled disk encryption, and device passwords that are complex, frequently changed, and non-intuitive.

“We won’t yet know if anyone did anything with cyber resources but this shows why we can take zero chances. Both foreign and domestic terrorists are in search of anything they can purloin.”

She sees the appointment of Anne Neuberger to a newly created cybersecurity role on the National Security Council as welcome news. Neuberger has served as the NSA’s director of cybersecurity since 2019 and has been with the Agency for more than a decade.

“She’ll undoubtedly incorporate the Capital events into her planning. Her background also includes policy and civil liberties, and is exactly what we need at this time,” Messdaghi said.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • The Power of a Layered Approach to Safety

    In a perfect world, every school would have an unlimited budget to help secure their schools. In reality, schools must prioritize what budget they have while navigating the complexities surrounding school security and lockdown. Read Now

  • How a Security System Can Enhance Arena Safety and the Fan Experience

    Ensuring guests have both a memorable experience and a safe one is no small feat for your physical security team. Stadiums, ballparks, arenas, and other large event venues are increasingly leveraging new technologies to transform the fan experience and maintain a high level of security. The goal is to preserve the integrity and excitement of the event while enhancing security and remaining “behind the scenes.” Read Now

  • Protecting Data is Critical

    To say that the Internet of Things (IoT) has become a part of everyday life would be a dramatic understatement. At this point, you would be hard-pressed to find an electronic device that is not connected to the internet. Read Now

Featured Cybersecurity

Webinars

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3