By GCN Staff
Jan 11, 2021
Federal IT staff have a massive job ahead of them cleaning up after the rioters who broke into the U.S. Capitol building, some of whom rifled through lawmakers’ offices.
While improving physical security for the building and for lawmakers and staff who work there is the first priority, experts have said the rioters’ unprecedented access to offices, files and computers can have serious cybersecurity ramifications.
In some instances, IT equipment was stolen. Sen. Jeff Merkley (D-Ore.) said a laptop was taken off a conference table in his office, and House Speaker Nancy Pelosi’s (D-Calif.) staff also reported the theft of a laptop. A desktop in Pelosi’s office that was left on and unsecured allowed the rioters to read the staffer’s email and take photos of the PC’s screen.
Cleaning up SolarWinds hack may cost as much as $100 billion (CQ-Roll Call)
WASHINGTON - American businesses and government agencies could be spending upward of $100 billion over many months to contain and fix the damage from the Russian hack against the SolarWinds software used by so many Fortune 500 companies and U.S. government departments.
“Unlike good wine, this case continues to get worse with age,” said Frank Cilluffo, director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security. “For a lot of folks, the more they dig, the worse the picture looks.”
Not only were at least four government departments targeted by the Kremlin hack (Commerce, Treasury, Homeland Security and Justice) but also thousands of top global corporations who were customers of SolarWinds, Cilluffo said. While government agencies appeared to be primary targets, “it doesn’t mean the private sector isn’t affected as well,” he said.
With organizations using SolarWinds’ Orion network management platform still assessing the potential damage to their systems, one U.S. expert estimates it could cost organizations around the world as much as $100 billion to investigate and fix. Everyone is trying to figure out how far the hackers penetrated computer networks and how to get rid of them, says Jake Williams, a former National Security Agency hacker who’s now the founder of Rendition Infosec LLC, a cybersecurity firm.
“The reality is everybody is spending resources right now,” Williams told Roll Call, a site that reports on American federal politics, and the global price tag is likely to be in the billions. “The true cost could be hundreds of billions of dollars.”