Brian Honan, CEO and principal consultant,
BH Consulting
Investigators continue to probe last week s violent storming of the U.S. Capitol. The insurrection left in its wake a potential information security nightmare. The U.S. Justice Department has said that the event may have a “national security” impact, and it s still cataloging the records and devices that may have been stolen after insurgents looted lawmakers offices.
Cybersecurity expert Brian Honan says that every unattended electronic device, including computers and phones, must now be treated as having potentially been compromised (see:
The Cyber Risk Management Challenges After Capitol Riot). A key to question to ask, he says, is: What can we do as security professionals to minimize the risk to our data in the event of such a situation?
Rioters stormed the Capitol on Wednesday. (Photo: C-SPAN)
After the occupation of the U.S. Capitol by pro-Trump rioters Wednesday, an emergency response plan to ensure federal computers were locked down apparently was not activated, some experts say. As a result, federal security teams are likely scrambling to detect and repair any damage done.
News reports about stolen computers as well as protesters occupying offices in which computers were left on are raising serious security concerns. I was very disappointed to see that the computers in [Speaker of the House] Nancy Pelosi s office were left on and were unlocked,” says retired Air Force Brigadier Gen. Gregory Touhill, former U.S. CISO and now CEO of Appgate Federal. “That is an incredibly poor security practice. You would have thought that they would have unplugged them as they evacuated the offices.
In less than a month, President-elect Joe Biden will be sworn into office and immediately confront a list of cybersecurity problems ranging from a now-leaderless Cybersecurity and Infrastructure Security Agency to the SolarWinds breach, which affected large portions of the federal government and private industry.
Before the election, Biden spoke generally about how his approach to foreign policy, such as rebuilding alliances with European allies, and how a more direct approach to Russia would shape not only national security in his administration but cybersecurity, as well (see:
On Monday, post-SolarWinds, Biden took a much more direct approach to cybersecurity, noting that the U.S. risks falling behind countries such as China and Russia.
Get Permission The Department of Homeland Security is warning U.S. companies about data theft risks associated with the use of Chinese technology and digital services.
In an advisory, DHS says that American businesses that rely on Chinese tech will be prone to government-sanctioned data theft under a new law in China that enables the government to require firms to turn over data “under the pretense of national security.”
U.S. businesses using Chinese technology - or services that are connected remotely to Chinese companies - should minimize the amount of data stored in China because it may be accessible by government authorities, DHS advises.