The breach of the Capitol this week by pro-Trump rioters also put lawmakers’ cybersecurity at risk.
Why it matters: Files, emails and other data lifted from lawmakers would have enormous value to hostile foreign powers, cybercriminals and other bad actors.
Driving the news: In a letter circulated Thursday to House lawmakers’ offices and obtained by Axios, the chamber’s chief administrative officer said “there have been no indications that the House network was compromised” but advised staff to make a full accounting of all devices and report back if anything appears missing or amiss.
- The Justice Department warned in a briefing that stolen items, including electronics, could pose natural security risks, according to a Politico report.
Context: Rioters who stormed the Capitol entered Speaker Nancy Pelosi’s office, and a reporter tweeted (and has since deleted) a photo claiming to be of an unlocked computer with email open in her office.
- Sen. Jeff Merkley (D-Ore.) said a laptop was stolen from an office he used in a video he posted showing damage to the room.
- Pelosi and Merkley’s offices did not respond to requests for comment.
How it works: If any congressional devices or networks were breached, either amid the chaos Wednesday or via, say, a USB drive surreptitiously inserted into a computer, that could mean not only theft of information but also the potential to insert malicious code for future exploitation or mischief.
- A Hill aide told Axios it’s a high-impact, low probability situation: “From a cybersecurity standpoint, I don’t think anybody was really prepared for the amount of physical access that appeared yesterday.”
Reality check: Classified and other highly sensitive information doesn’t just sit around on House office laptops, and there’s no indication any of the people who stormed the Capitol were there as cyberspies. But even the small risk of congressional networks being breached is seriously troubling, say experts.
- “I don’t know of [any evidence] that these individuals were able to manipulate data or steal data or destroy data, but I don’t think you can rule it out at this point, either,” said Frank Cilluffo, director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University.
The big picture: The concerns come as Washington is still reeling from revelations that Russian hackers breached computer systems at a number of key federal agencies as part of a sprawling hack that hit the U.S. private and public sectors alike.
Flashback: Democratic Sen. Ron Wyden has for years pushed the Senate to improve its cybersecurity practices, calling for two-factor authentication using personal identity verification cards in the chamber in 2017.