Wednesday, 6th January 2021 will be considered one of the darkest days in US history: the epicenter of democracy, Capitol Hill, was rushed by an angry mob of pro-Trump protestors. While mainstream media is discussing how law enforcement agencies failed in their handling of the incident, one aspect that is now raising alarms is the huge cybersecurity mess that digital forensic experts now have to deal with.
Wednesday’s attack on Capitol Hill didn’t just pose physical safety risks for Congressmen and Congresswomen, but also serious national security risks, with missing laptops and stolen emails.
Highly sensitive data relating to national security could be leaked out into the wild. While there has been no indication of any hacking attempts made by rioters, at least 3 computer systems were stolen from Senators’ offices. Backtracking, tracing and limiting the damage associated with this theft is a big challenge for digital forensic experts.
One can safely assume that any device within the physical premises of the Capitol could have been compromised, including iPads, smartphones, desktop PCs and laptops.
But that’s not even the biggest cybersecurity mess that IT experts could be dealing with.
The White House has strict security protocols, with pre-defined access controls so that officials can reach only the data that belongs to them.
But that’s not a cybersecurity protocol that Congress usually follows. Congress isn’t as secure as The White House, with little to no restrictions on data, much like a hospital.
The riots at The Capitol showed just how weak physical security was at the premises, which brings us to another question:
If the physical security was so weak, just how weak could the cybersecurity be?
There is no indication that Congress used any kind of remote management software that could have been used to shut down and lock systems across the entire network.
It is also unclear if any and all laptops, tablets and smartphones in use by the officials were encrypted. Encryption provides a much-needed layer of security that scrambles the data, rendering it useless without the decryption key.
Here’s what the cybersecurity staffers ideally should do in the aftermath of the riots:
- Remotely wipe all data on stolen devices
- Ensure contingency plans for two-factor authentication systems
- Remotely lock all stolen devices such as Android smartphones, iPads and iPhones
- Use backups to restore data onto new devices
It is important to get back online as soon as possible.
Unfortunately, such incidents have dangerous spillover effects. It is going to come at an unexpected cost in terms of time, effort and money to clear up this mess, the brunt of which will be borne by American taxpayers and citizens.