Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Post-Riot, the Capitol Hill IT Staff Faces a Security Mess

Wired – Wednesday’s insurrection could have exposed congressional data and devices in ways that have yet to be appreciated. “…the mob Wednesday had ample opportunities to steal information or gain device access if they wanted to. And while the Senate and House each build off of their own shared IT framework, ultimately each of the 435 representatives and 100 senators runs their own office with their own systems. This is a boon to security in the sense that it creates segmentation and decentralization; getting access to Nancy Pelosi’s emails doesn’t help you access the communications of other representatives. But this also means that there aren’t necessarily standardized authentication and monitoring schemes in place. Larkin emphasizes that there is a baseline of monitoring that IT staffers will be able to use to audit and assess whether there was suspicious activity on congressional devices. But he concedes that representatives and senators have varying levels of cybersecurity competence and hygiene. It’s also true that potentially exposed data at the Capitol on Wednesday would not have been classified, given that the mob had access only to unclassified networks. But congressional staffers are not subject to Freedom of Information Act obligations and are often much more candid in their communications than other government officials. Security and intelligence experts also emphasize that troves of unclassified information can still reveal sensitive or even classified information when combined…”

Sorry, comments are closed for this post.