DC riots: Attack on Capitol may pose cybersecurity risk

A man leans back in an office chair with his foot on the desk in a congressional office

Published Jan. 7, 2021 Updated Jan. 8, 2021 1:44 PM PT

The pro-Trump mob that stormed the U.S. Capitol’s Senate floor and Capitol rotunda on Wednesday may have breached more than just the building’s physical security.

Photos show rioters in congressional offices, including that of House Speaker Nancy Pelosi (D-San Francisco). Any computers left on could be vulnerable, and so could papers — such as personal schedules or mail — that weren’t locked away, information security experts said. Sen. Jeff Merkley (D-Ore.) said his office was ransacked and a laptop stolen. An aide to Pelosi said a laptop used only for presentations was snatched from a conference room.

What does this mean for the security of the nation’s information? Here are insights from experts who spoke with The Times.

Does the invasion of the Capitol pose a cybersecurity risk?

It depends. If rioters got their hands on congressional computers that were still logged in, they may have been able to access information. But if those computers were encrypted, they wouldn’t be able to get anything, said Jesse Varsalone, associate professor of computer networks and cybersecurity at University of Maryland Global Campus.

However, if a computer was encrypted but documents were left open onscreen, that information would already have been decrypted and could have been read, said Suzanne Spaulding, an advisor to Nozomi Networks and former undersecretary for the Department of Homeland Security. That means members of the mob could have snapped images of documents such as emails.

“I would not assume right off the bat that the folks who broke into the Capitol … had folks whose objective and skill set was to use their physical access to gain access to the IT system, to sensitive information,” she said. “But … if someone takes a laptop, they can later decide, ‘Hey, this could be really interesting. I don’t have the skills to exploit it, but I’m going to find someone who does.’”

The theft of a laptop, as from Merkley’s office, poses special concern because the machine is part of a federal network and could help outsiders access the entire network.

“That’s the concern about a stolen laptop,” Spaulding said. “It’s not just about what’s on the laptop.”

Could someone have put malware onto congressional computers?

It’s possible, but Varsalone said it’s unlikely.

“It seems they were more motivated to kind of actually derail [the electoral college vote certification], as opposed to plant something,” he said.

What about sensitive or confidential documents?

Congressional leaders with security clearances must abide by rules intended to protect that information, Varsalone said. If such information was on a computer, it probably would be shielded with encryption.

How does this situation compare with other potential threats to the nation’s information security?

It’s not clear yet whether Wednesday’s events included a breach of cybersecurity or information security at all, Spaulding said.

There is no indication that any of the rioters had IT savvy or were prepared to infect congressional computers with malware, she said.

“From an IT perspective, when I look at the events of what happened [Wednesday] and all of the incredible implications … the IT cybersecurity concerns are not the highest on my list,” Spaulding said.

Terms in the news

UPDATED Jan. 7, 2021 | 6:19 PM

What is a protest?

A protest is “the act of objecting or a gesture of disapproval,” according to Merriam-Webster Dictionary. The 1st Amendment of the U.S. Constitution protects the right of people to assemble for peaceful protest.

What is sedition?

Sedition, or seditious conspiracy, is defined in U.S. law as conduct or language inciting rebellion against the authority of a state, including the use of “force to prevent, hinder, or delay the execution of any law of the United States.” It’s the organization that often happens before an act of insurrection or treason. It is considered a serious felony punishable by fines and up to 20 years in prison.

What is insurrection?

An insurrection is “an act or instance of revolting against civil authority or an established government.” In U.S. law, it specifically refers to an act of violence against the state or its officers, and anyone who incites, assists or engages in insurrection can be fined or imprisoned and be barred from holding office.

What is treason?

Treason is “the offense of attempting by overt acts to overthrow the government of the state to which the offender owes allegiance or to kill or personally injure the sovereign or the sovereign’s family,” according to Merriam-Webster. According to U.S. law, it involves actively levying war against the United States or giving aid to its enemies.

What is a coup?

A coup, from the French coup d’état, is a “sudden decisive exercise of force in politics,” especially “the violent overthrow or alteration of an existing government by a small group,” according to Merriam-Webster.

The riot at the Capitol came just weeks after a much bigger cybersecurity revelation: that an “outside nation-state” suspected to be Russia had been spying on U.S. government computer networks by exploiting a vulnerability in software produced by SolarWinds, a Texas company.

The SolarWinds breach affected 18,000 of its customers, including the Treasury and Commerce departments. The FBI and the Homeland Security Department are investigating the matter, and the Homeland Security Department said last month that there was an “unacceptable risk” to the executive branch from the large-scale breach.

How will this change security at the Capitol?

Policies probably will be reviewed, and physical security as well as computer security probably will be bolstered, Varsalone said.

“In general, a lot of government agencies tend to have a lot of really good security, and they have for years and years and years,” he said.

In this case, he said, the U.S. Capitol Police were overwhelmed by and unprepared for the size of the mob. “That’s where the real breakdown was,” he said.

The Capitol Police declined offers of help from the National Guard days before the riot and from FBI agents during the riot, according to the Associated Press. The police chief announced Thursday that he will resign.