Former Senate sergeant at arms Frank Larkin, who retired as Senate sergeant at arms in 2018, adds that cybersecurity is the next priority after physical security. In spite of this, the mob Wednesday had ample opportunities to steal information or gain device access if they wanted to. And while the Senate and House each build off of their own shared IT framework, ultimately each of the 435 representatives and 100 senators runs their own office with their own systems. This is a boon to security in the sense that it creates segmentation and decentralization; getting access to Nancy Pelosi's emails doesn't help you access the communications of other representatives. But this also means that there aren't necessarily standardized authentication and monitoring schemes in place. Larkin emphasizes that there is a baseline of monitoring that IT staffers will be able to use to audit and assess whether there was suspicious activity on congressional devices. But he concedes that representatives and senators have varying levels of cybersecurity competence and hygiene.
It's also true that potentially exposed data at the Capitol on Wednesday would not have been classified, given that the mob had access only to unclassified networks. But congressional staffers are not subject to Freedom of Information Act obligations and are often much more candid in their communications than other government officials. Security and intelligence experts also emphasize that troves of unclassified information can still reveal sensitive or even classified information when combined... Kelvin Coleman, executive director of the National Cyber Security Alliance, who formerly worked in the Department of Homeland Security and National Security Council... adds, though, that for now the most important thing congressional IT staffers can do is account for which devices were stolen and begin a mass effort to reset passwords, add multifactor authentication to any accounts that don't already have it, wipe and reimage hard drives when practical, and comb monitoring logs for signs of access or exfiltration.
There is more information at Wired.
No comments:
Post a Comment