Underscoring the Critical Importance of Physical Cybersecurity Measures
On Jan. 6, the unthinkable happened. Rioters stormed the U.S. Capitol building, furious at Donald Trump’s election loss. The attack resulted in five dead, including two police officers, and at least 50 injured, per NBC Washington.
As members of the house sheltered in place to avoid the chaos, there is a good chance that criminals may have made off with passwords, confidential information, access codes, and more. Two hours is a long time to have unfettered access to a place like the Capitol building, and a riot such as this would be the perfect opportunity for opportunistic espionage. We should, by default, assume the presence of bad actors — we already know several thefts did occur.
As reported by The New York Post, multiple electronic devices were stolen during the insurrection, including laptops belonging to House Speaker Nancy Pelosi and Senator Jeff Merkley. These devices and the sensitive information they contain could well be in the hands of someone with malicious intent. As noted by tech publication ZDNet, IT staff should, at this point, assume that all devices were compromised, as well as all communications, network connections, and files.
Physical access also allows for far more than simple theft. As we learned from the SolarWinds attack, malware is often at the heart of a successful intrusion. Though these attacks are traditionally carried out via the Internet, it would have been incredibly easy for a criminal to compromise one or even several systems.
Almost anyone could have been in the crowd that day. As such, it would have been incredibly easy for a rioter to upload malware into the Capitol building’s network. And unlike with a standard intrusion, there’s little hope of detecting such an attack until the damage has already been done.
Also read: Here’s The Security Challenges In IoT World
What can be done, then?
Let’s start with the bad news first. There’s really no way to completely prevent a physical attack like the Capitol riot. All the software cybersecurity in the world won’t help if someone simply breaks down the door.
However, physical security measures could include:
- Micro-segmentation of your network, so that an infection doesn’t spread across the entirety of your infrastructure.
- Employee education. Your people should understand not just digital best practices, but physical as well. You must also school them on how to recognize a social engineering attack.
- Regular physical inspections of systems and devices.
- Access controls such as CCTV, locked doors, and restricted areas.
The events that transpired in Washington, D.C. should never have happened. As it is, however, they underscore the need for better security on the network, software, and physical sides alike. In the case of the Capitol building, they won’t be out of the water even once they’ve tested, scanned, and replaced all active devices.
There’s still the risk of a delayed attack. There are still missing endpoints to account for. And above all, there’s still the chance that a riot like this could happen again.
It’s easy to forget that securing your software and network is only the first step. That the physical machines you use must be subject to protections that are just as stringent. Otherwise, anybody could easily stroll right in.