Author: Tom Krazit
Protocol | Enterprise

Don’t worry about the cybersecurity fallout of the Capitol breach

Members of Congress can't access classified information on their work computers, and the chances that Wednesday's mob contained a few moonlighting cyberspies are slim.

Among the disasters that visited Capitol Hill on Wednesday, the fact that the people who infiltrated Congressional offices had unfettered access to IT assets for several hours ranks rather low.

One of the most iconic images of Wednesday's events was a picture of the home screen of Speaker Nancy Pelosi's office computer, abandoned in haste after a mob broke into the Capitol building, forcing Congress and staffers to retreat to safer locations. By design, nothing on Pelosi's computer was classified: Members of Congress have to enter a protected room in the building to view secret documents, as you'll recall from last year's impeachment proceedings, when several House Republicans stormed into such a room in protest because they were denied access to documents their leaders could access.

There could have been plenty of unclassified information that would still be considered sensitive, such as Pelosi's contacts and email correspondence. And it's fair to say that congressional IT practices are somewhat haphazard; some computers might have been encrypted, while some might not have even had password protection, according to security experts.

As Katie Moussouris, CEO and founder of Luta Security, told The Washington Post: "There's an old saying, if an attacker has physical access to your computer, it's not your computer anymore."

Still, any lasting cybersecurity damage from the breach is likely to be quite limited.

A laptop from Sen. Jeff Merkley's office was taken, but there were no other reports of missing computers. Representatives from Merkley's office did not respond to an inquiry as to whether or not that laptop was encrypted; computers purchased for Senate offices after October 2018 were required to have encryption technology turned on at the urging of Merkley's fellow Oregon senator, Ron Wyden, but it's not clear when the laptop in question was purchased.

There's a far greater threat to information security in the Capitol Building, and it doesn't require access to the building itself. As we've seen with the SolarWinds hack that infiltrated several executive branch agencies last year, the biggest threats to government information security aren't wearing red hats and breaking windows; they're coming from overseas through the internet to steal sensitive data.

And in any event, the Capitol Building is not exactly the most secure facility controlled by the government, as Wednesday's events show. Any foreign intelligence agent bent on figuring out what the House Committee on Ways and Means is up to would probably have better luck accessing computers by infiltrating the cleaning staff or mingling with visitors on a post-pandemic tour of the building.

The incident does shine a light on congressional cybersecurity practices, which are far less robust than the requirements of the executive branch.

In the House, members of Congress are responsible for procuring their own IT assets just like any of us, whereas in the Senate, technology purchases are made through the office of the Sergeant at Arms. Email and file servers in the House are managed by the chief administrative officer, a non-partisan position. In the Senate, that duty falls to the Sergeant at Arms, who serves at the pleasure of the party in power.

"Images on social media and in the press of vigilantes accessing congressional computers are worrying," said Rep. Anna Eshoo, a Democrat from California, in a statement. "I asked the Chief Administrative Officer of the House to conduct a full assessment of threats based on what transpired yesterday, and the CAO has already taken important steps to that end. I have confidence that House and Senate IT and cybersecurity professionals are taking the matter seriously."

On Thursday afternoon, the CAO updated members of the House saying that administrators took "efforts including issuing commands to lock computers and laptops and shutting down wired network access to prevent inappropriate access to House data." It's not clear what, if any, action was taken on the Senate side.

Executive branch staff are almost universally required to use two-factor authentication to log into their work computers, but such a requirement does not exist in the legislative branch. Congresspeople are essentially small-business owners who can require their staff to follow whatever cybersecurity practices they deem necessary, including, well, nothing.

There's certainly a chance that a few individuals among the mob that breached the Capitol Building could have read less-than-flattering emails sent by or to members of Congress, and could use those emails to damage a few reputations.

But the most likely outcome of Wednesday's breach is that a lot of passwords have already been changed, or will be changed in the next few days.

Update: This article was updated at 4:07 p.m. PT to include a statement from Rep. Anna Eshoo, and corrected at 5:17 p.m. PT to fix the spelling of her first name.
