The physical breach of the Capitol building opens a cybersecurity Pandora's box

The insurrection at the U.S. Capitol Wednesday, which saw rioters storm the building and reportedly steal devices belonging to government officials, opened what one cybersecurity expert has called a Pandora’s box of national security and data privacy issues.


Multiple sources pointed to the need to treat the incident as a breach of IT assets, regardless of whether evidence shows any malicious activity: devices will need to be swept, technical surveillance countermeasures will have to be put in place to ensure there are no eavesdropping devices, and network traffic must be monitored long term.


“When you lose physical control of a space, you have to assume everything is compromised,” said Bryson Bort, founder and CEO at SCYTHE. “Everything should be rebuilt from the ground up.”


The incident, as well as the response among those on Capitol Hill tasked with securing government technology assets, serves as a dramatic and evolving case study for public and private sector entities regarding the scope of cybersecurity risk tied to a physical breach.


Assessing the damage


In the initial hours, days and weeks, cybersecurity teams will be considering risk factors that existed at the time of the incident.


“If their workstations were unlocked during the scurry there is no telling what could have been accessed with the privileges of the user,” said M. Michael Mitama, CEO at THETA432. “Whatever the end user was reviewing at the time would have been left open for all eyes to see. Mobile phones could have captured photos of the desktop contents to be used later in consequential attacks. USB access (if not blocked) could have introduced malware into the entire network of the hosts. Ransomware introduction could have shut down the entire network and would have caused cata ..
