Source Code: Your daily look at what matters in tech.

enterpriseenterpriseauthorTom KrazitNoneAre you keeping up with the latest cloud developments? Get Tom Krazit and Joe Williams' newsletter every Monday and Thursday.d3d5b92349
×

Get access to Protocol

Your information will be used in accordance with our Privacy Policy

I’m already a subscriber
Protocol | Enterprise

Don’t worry about the cybersecurity fallout of the Capitol breach

Members of Congress can't access classified information on their work computers, and the chances that Wednesday's mob contained a few moonlighting cyberspies are slim.

Capitol building

Any lasting cybersecurity damage from the breach is likely to be limited.

Photo: Louis Velazquez/Unsplash

Among the disasters that visited Capitol Hill on Wednesday, the fact that the people who infiltrated Congressional offices had unfettered access to IT assets for several hours ranks rather low.

One of the most iconic images of Wednesday's events was a picture of the home screen of Speaker Nancy Pelosi's office computer, abandoned in haste after a mob broke into the Capitol building, forcing Congress and staffers to retreat to safer locations. By design, nothing on Pelosi's computer was classified: Members of Congress have to enter a protected area room in the building to view secret documents, as you'll recall from last year's impeachment proceedings when several House Republicans stormed into such a room in protest because they were denied access to documents their leaders could access.

There could have been plenty of unclassified information that would still be considered sensitive, such as Pelosi's contacts and email correspondence. And it's fair to say that congressional IT practices are somewhat haphazard; some computers might have been encrypted, while some might not have even had password protection, according to security experts.

As Katie Moussouris, CEO and founder of Luta Security, told The Washington Post: "There's an old saying, if an attacker has physical access to your computer, it's not your computer anymore."

Still, any lasting cybersecurity damage from the breach is likely to be quite limited.

A laptop from Sen. Jeff Merkley's office was taken, but there were no other reports of missing computers. Representatives from Merkley's office did not respond to an inquiry as to whether or not that laptop was encrypted; computers purchased for Senate offices after October 2018 were required to have encryption technology turned on at the urging of Merkley's fellow Oregon senator, Ron Wyden, but it's not clear when the laptop in question was purchased.

There's a far greater threat to information security in the Capitol Building, and it doesn't require access to the building itself. As we've seen with the SolarWinds hack that infiltrated several executive branch agencies last year, the biggest threats to government information security aren't wearing red hats and breaking windows; they're coming from overseas through the internet to steal sensitive data.

And in any event, the Capitol Building is not exactly the most secure facility controlled by the government, as Wednesday's events show. Any foreign intelligence agent bent on figuring out what the House Committee on Ways and Means is up to would probably have better luck accessing computers by infiltrating the cleaning staff or mingling with visitors on a post-pandemic tour of the building.

The incident does shine a light on congressional cybersecurity practices, which are far less robust than the requirements of the executive branch.

In the House, members of Congress are responsible for procuring their own IT assets just like any of us, whereas in the Senate, technology purchases are made through the office of the Sergeant at Arms. Email and file servers in the House are managed by the chief administrative officer, a non-partisan position. In the Senate, that duty falls to the Sergeant at Arms, who serves at the pleasure of the party in power.

"Images on social media and in the press of vigilantes accessing congressional computers are worrying," said Rep. Anna Eshoo, a Democrat from California, in a statement. "I asked the Chief Administrative Officer of the House to conduct a full assessment of threats based on what transpired yesterday, and the CAO has already taken important steps to that end. I have confidence that House and Senate IT and cybersecurity professionals are taking the matter seriously."

On Thursday afternoon, the CAO updated members of the House saying that administrators took "efforts including issuing commands to lock computers and laptops and shutting down wired network access to prevent inappropriate access to House data." It's not clear what, if any, action was taken on the Senate side.

Executive branch staff are almost universally required to use two-factor authentication to log into their work computers, but such a requirement does not exist in the legislative branch. Congresspeople are essentially small-business owners who can require their staff to follow whatever cybersecurity practices they deem necessarily, including, well, nothing.

There's certainly a chance that a few individuals among the mob that breached the Capitol Building could have read less-than-flattering emails sent by or to members of Congress, and could use those emails to damage a few reputations.

But the most likely outcome of Wednesday's breach is that a lot of passwords have already been changed, or will be changed in the next few days.

Update: This article was updated at 4:07 p.m. PT to include a statement from Rep. Anna Eshoo, and corrected at 5:17 p.m. PT to fix the spelling of her first name.

The metaverse is coming, and Robinhood's IPO is here

Plus, what we learned from Big Tech's big quarter.

Image: Roblox

On this episode of the Source Code podcast: First, a few takeaways from another blockbuster quarter in the tech industry. Then, Janko Roettgers joins the show to discuss Big Tech's obsession with the metaverse and the platform war that seems inevitable. Finally, Ben Pimentel talks about Robinhood's IPO, and the company's crazy route to the public markets.

For more on the topics in this episode:

Keep Reading Show less
David Pierce

David Pierce ( @pierce) is Protocol's editor at large. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.

After a year and a half of living and working through a pandemic, it's no surprise that employees are sending out stress signals at record rates. According to a 2021 study by Indeed, 52% of employees today say they feel burnt out. Over half of employees report working longer hours, and a quarter say they're unable to unplug from work.

The continued swell of reported burnout is a concerning trend for employers everywhere. Not only does it harm mental health and well-being, but it can also impact absenteeism, employee retention and — between the drain on morale and high turnover — your company culture.

Crisis management is one thing, but how do you permanently lower the temperature so your teams can recover sustainably? Companies around the world are now taking larger steps to curb burnout, with industry leaders like LinkedIn, Hootsuite and Bumble shutting down their offices for a full week to allow all employees extra time off. The CEO of Okta, worried about burnout, asked all employees to email him their vacation plans in 2021.

Keep Reading Show less
Stella Garber
Stella Garber is Trello's Head of Marketing. Stella has led Marketing at Trello for the last seven years from early stage startup all the way through its acquisition by Atlassian in 2017 and beyond. Stella was an early champion of remote work, having led remote teams for the last decade plus.

Facebook wants to be like Snapchat

Facebook is looking to make posts disappear, Google wants to make traffic reports more accurate, and more patents from Big Tech.

Facebook has ephemeral posts on its mind.

Image: Protocol

Welcome to another week of Big Tech patents. Google wants to make traffic reports more accurate, Amazon wants to make voice assistants more intelligent, Microsoft wants to make scheduling meetings more convenient, and a ton more.

As always, remember that the big tech companies file all kinds of crazy patents for things, and though most never amount to anything, some end up defining the future

Keep Reading Show less
Karyne Levy

Karyne Levy ( @karynelevy) is the West Coast editor at Protocol. Before joining Protocol, Karyne was a senior producer at Scribd, helping to create the original content program. Prior to that she was an assigning editor at NerdWallet, a senior tech editor at Business Insider, and the assistant managing editor at CNET, where she also hosted Rumor Has It for CNET TV. She lives outside San Francisco with her wife, son and lots of pets.

Protocol | China

China’s edtech crackdown isn’t what you think. Here’s why.

It's part of an attempt to fix education inequality and address a looming demographic crisis.

In the past decade, China's private tutoring market has expanded rapidly as it's been digitized and bolstered by capital.

Photo: Getty Images

Beijing's strike against the private tutoring and ed tech industry has rattled the market and led observers to try to answer one big question: What is Beijing trying to achieve?

Sweeping policy guidelines issued by the Central Committee of the Chinese Communist Party on July 24 and the State Council now mandate that existing private tutoring companies register as nonprofit organizations. Extracurricular tutoring companies will be banned from going public. Online tutoring agencies will be subject to regulatory approval.

Keep Reading Show less
Shen Lu

Shen Lu is a reporter with Protocol | China. She has spent six years covering China from inside and outside its borders. Previously, she was a fellow at Asia Society's ChinaFile and a Beijing-based producer for CNN. Her writing has appeared in Foreign Policy, The New York Times and POLITICO, among other publications. Shen Lu is a founding member of Chinese Storytellers, a community serving and elevating Chinese professionals in the global media industry.

It’s soul-destroying and it uses DRM, therefore Peloton is tech

"I mean, the pedals go around if you turn off all the tech, but Peloton isn't selling a pedaling product."

Is this tech? Or is it just a bike with a screen?

Image: Peloton and Protocol

One of the breakout hits from the pandemic, besides Taylor Swift's "Folklore," has been Peloton. With upwards of 5.4 million members as of March and nearly $1.3 billion in revenue that quarter, a lot of people are turning in their gym memberships for a bike or a treadmill and a slick-looking app.

But here at Protocol, it's that slick-looking app, plus all the tech that goes into it, that matters. And that's where things got really heated during our chat this week. Is Peloton tech? Or is it just a bike with a giant tablet on it? Can all bikes be tech with a little elbow grease?

Keep Reading Show less
Karyne Levy

Karyne Levy ( @karynelevy) is the West Coast editor at Protocol. Before joining Protocol, Karyne was a senior producer at Scribd, helping to create the original content program. Prior to that she was an assigning editor at NerdWallet, a senior tech editor at Business Insider, and the assistant managing editor at CNET, where she also hosted Rumor Has It for CNET TV. She lives outside San Francisco with her wife, son and lots of pets.

Latest Stories