After witnessing the horrific events that happened at the US Capitol building, I was left pondering the many problems that were surfaced and mentioned throughout the media. All are very serious matters and affect the quality of life for those in the US. However, having worked in the cybersecurity space for twenty years and as a former red-teamer, I noted some aspects of the events that didn’t garner much attention and that I wanted to share.
The cybersecurity of our nation’s leaders was also in jeopardy Wednesday and should get some attention as it could have long term consequences. I saw images via news and social media outlets of the actors with physical and logistical access to IT systems and physical spaces in the Capitol.
Sophisticated cyber threat actors are very opportunistic and constantly trying to access US Government systems through any vector possible. I saw images of intruders with direct physical access to top US Government officials’ computers – some of them unlocked and open to email. Any cybersecurity expert knows what can happen if an adversary has either direct access to logged-on systems or simply physical access to IT systems or sensitive meeting spaces.
Adversarial threat actors have tremendous cyber capabilities, so it’s not far-fetched to think the integrity or confidentiality of the IT systems and rooms is in jeopardy. One of the many intruders could have been directed or compelled to specifically target the IT systems or meeting rooms of the Capitol with the intent to install malicious code or plant monitoring devices. I hope a thorough investigation is also being conducted to analyze, monitor, and ensure the integrity of the IT systems that were exposed during Wednesday’s events. The building should also be extensively swept for bugs and surveillance devices (audio and video) in areas deemed secure for confidential and classified discussions.
We have a lot of work to do as a nation and as people of this great country to make life better for the many who are suffering. To do so, we must ensure the security and integrity of the cyber domain and meeting spaces in the Capitol, on which we all depend. Throughout my career, I’ve encountered many users who didn’t believe threat actors were as capable as they are, or that their systems were easily exposed. I share one historical reference with them as proof and as a wake-up call: Operation Buckshot Yankee. The scariest part is that in the 12 years since “the most significant breach of U.S. military computers ever,” attackers have gotten more brazen and sophisticated, and this event could have allowed direct access for hours.