In the wake of the storming of the U.S. Congress by a mob of Trump supporters, the entire IT infrastructure of both the Senate and the House of Representatives must be thoroughly scrutinized. Images of unlocked PCs in congressmen’s and congresswomen’s offices circulated on Twitter, so parts of the network should be presumed to have been compromised. These images also revealed shortcomings in the security awareness of some staff members.
Even in the office of Speaker of the House Nancy Pelosi, one computer was left unlocked, with the contents of the Outlook account openly available for anyone to view. Although it is unlikely that classified data are processed on these computers, the information stored there is surely of great interest to political opponents or intelligence services. It can be assumed that many more computers were similarly vulnerable.
Security awareness is about making the right decisions – even in critical situations and under stress. Especially when people are faced with an exceptional situation, they tend to follow their instincts and rely on habitual behavioral patterns. Employees must lock their computers whenever they leave their workplaces, even if it’s only to get a quick cup of coffee.
It is also incomprehensible that the screens did not automatically lock after a brief period of inactivity. IT managers can enforce automatic locking by integrating it into group guidelines. This is basically a standard procedure in IT security.
Already on the evening of the day of the attack, police reported that the building had been secured. Debate on the certification of the election victory of future President Joe Biden, which is ordinarily a mere parliamentary formality, was concluded successfully late that night. But the cleanup of the Capitol’s IT systems will take much longer. “After unlocked computers were found, the congressional network should be regarded as having been compromised,” Gierow says. “All computers should be thoroughly analyzed and rebooted. If the scrutiny discovers that systems have been successfully accessed, they must be replaced.” After all, it cannot be ruled out that agents of intelligence agencies infiltrated the mob, hoping to take advantage of the chaos to gain access to intelligence-relevant data.
The ongoing debates about alleged election fraud, Russian interference in U.S. democratic processes, and the lessons learned from leaks of former presidential candidate Hillary Clinton’s emails show that confidence has weakened in key elements of the rule of law. Numerous measures are necessary to rebuild this trust. One essential measure is a precise reappraisal of the security problems that have now become obvious, also in the IT sector.
