The overrunning of the U.S. Capitol on Wednesday may be one of the most serious cybersecurity events ever, potentially on par even with the ongoing SolarWinds hack. The riot has potentially given some of the most sophisticated cyber-threat actors unrestricted access to one of our government’s most critical networks for four hours.
This situation is a lot like SolarWinds: we know at least some of what has happened and we can extrapolate what may have happened. Another way this is like SolarWinds: it may take some time for us to truly know the full extent of what happened, if we ever do.
We can see in the many pictures and videos that an unauthorized, uncontrolled group of unknown people had complete, unrestricted physical access to the Capitol for nearly four hours. This in turn gave them complete, unrestricted access to the computers, devices and physical networks in those buildings for that time.
An important rule in my world is one of the “Ten Immutable Laws of Security.” Law 3 states: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
This means that for four hours on Wednesday, every device, computer, server, network outlet, WiFi hotspot, router, and internet connection in the Capitol and Congressional office buildings wasn’t controlled by the