Attack on Capitol Building Highlights Congress’ Cyber Weaknesses


Cybersecurity experts are calling on Congress to assess its cybersecurity practices, after a violent mob breached security at the U.S. Capitol and also gained access to the desktop and laptop computers and other electronic devices in lawmakers’ offices. As yet, investigators have not uncovered evidence the devices were tampered with or that data was breached, but Senator Jeff Merkeley (D-OR) has reported a laptop was stolen from his office and other lawmakers have indicated tablet devices have gone missing. News reports have also suggested that protesters entered offices where devices were powered on and unlocked. “I was very disappointed to see that the computers in [Speaker of the House] Nancy Pelosi’s office were left on and were unlocked,” remarked former U.S. CISO Air Force Brigadier General (ret) Gregory Touhill. “That is an incredibly poor security practice. You would have thought that they would have unplugged them as they evacuated the offices.”

As Congress deals with the fallout of the massive breach of its physical security, experts hope lawmakers also assess the state of the legislature’s cybersecurity. While initial reports didn’t indicate that the individuals who accessed the building made obvious attempts to steal data or plant malware, experts say that more sophisticated attackers, with better planning and resources, could have done significant damage. “Close-access attacks can be difficult to detect and mitigate,” remarked Bruce Potter, chief information security officer at cybersecurity firm Expel. “If an adversary has unfettered physical access to a network or physical space, the only limits to the type of access they can get are their imagination and resources.”