Another fear after Capitol attack: information security

As we examine the fallout from the attack on the U.S. Capitol last week, what are the cybersecurity implications? Maybe not the top thing on your mind. But consider that for hours rioters had almost unimpeded access to offices, networks and computers on desks. A laptop was even stolen, and security experts say there’s the potential for all kinds of hacking and intrusions. And the cybersecurity threat is made worse by a unique feature of Congress: Everyone is in charge of their own IT.

I spoke with Bruce Schneier, a security technologist. He told me some of the things intruders could have done. The following is an edited transcript of our conversation.

A headshot of Bruce Schneier, a cybersecurity expert and author of the book “Click Here to Kill Everybody: Security and Survival in a Hyper-connected World.”
Bruce Schneier (Photo courtesy of Claudia Miklas)

Bruce Schneier: I mean, certainly, you would plant room bugs, especially if you’re in [House Speaker Nancy] Pelosi’s office, where she’s sitting at her desk. You could put room bugs in there, [and] that’d be pretty awesome from a foreign government’s perspective. You can get into the networks of Congress. Now, we see how much effort the Russians put into the SolarWinds operation, trying to get into government networks. Here, they can now walk in. And there’s a saying among computer security people that if you no longer control your computer, it’s no longer your computer. When you get that computer back, that’s not a trustworthy computer anymore.

Molly Wood: One thing that was reported a few days ago was that a laptop was stolen from Nancy Pelosi’s office. And, I mean, that alone seems bad, right?

Schneier: But we have ways to deal with that. My laptop is encrypted. If you stole my laptop, you would get a hunk of plastic and metal and chips, and you wouldn’t get any of my data. Now, that’s pretty good security hygiene. One of the problems we have in Congress — this is kind of interesting — [is that] each member of Congress is kind of their own boss. And while there is an IT department, there are no centralized standards. So anybody could be doing whatever they want in their office, and we don’t know. So [Pelosi’s stolen computer] could be nothing, just a loss of a couple of thousand dollars of a computer, or it could be the…