US Capitol attack a wake-up call for the integration of physical & IT security
Cyber-physical security
Dark Reading
As Capitol rioters stormed the building, photos were released around social media of rioters sitting at the desks of US elected officials. Clearly, this caused serious concerns in the fields of both physical and cyber security. Seth Rosenblatt, Editor-in-chief and founder of The Parallax, an online cyber security and privacy news magazine, discusses how two traditionally disparate security disciplines can be united.
One of the harrowing images to come out of Wednesday’s attack on the US Capitol was a photo posted by a rioter of an open laptop on a desk in US House Speaker Nancy Pelosi’s office. The screen was visible and apparently unlocked, with a warning in a black box that read, “Capitol: Internet Security Threat: Police Activity.”
While it remains unclear whether the laptop allegedly stolen from Pelosi’s office during the attack on the Capitol is the same one that was photographed in an unlocked state, it underscores how physical security and IT security can go hand in hand.
Pelosi’s Deputy Chief of Staff said on Twitter that the stolen laptop had limited access to sensitive documents and was used just for presentations. Even so, security experts expressed concern at the security implications of stolen Congressional computers and devices.
Along with laptops and physical mail that were stolen, the rioters had the opportunity to infiltrate congressional computer systems and networks. Without proper logging of network and system access, a tech-savvy rioter could have done significant harm to congressional computers and systems, points out Dan Tentler, Executive Founder of security testing company Phobos Group.
“Just because an attacker accidentally found themselves in the office of the speaker of the house doesn’t mean that they didn’t have the means to hack Congress,” he says.
Traditionally, disparate physical security and IT security operations are integrating awkwardly. As technology rapidly changes and organisations increasingly emphasise IT security, they run the risk of ignoring physical security concerns — and how they can impact on computer devices, systems, and networks. Equally prioritizing physical and IT…
