Security practices state Capitols should put in place today

By Stel Valavanis
February 1, 2021

As lawmakers and law enforcement continue to unravel the events and impact of the crisis at the U.S. Capitol on Wednesday, January 6th, attention is turning to identification and prosecution of those who illegally entered, attacked, and looted the Capitol and the offices of the legislature housed there. We’re learning more about the litany of security failings, and it is imperative that we take the lessons offered by this example and make the changes they demand now, at our state capitol buildings as well as in our businesses.

The same group that breached the offices in our nation’s capital is now in home states across the country, where, according to the FBI, its members are promising to attempt similar attacks at their state capitols. While most organizations would never consider themselves plausibly at risk of a large, overwhelming, physically penetrating attack, there are many lessons to be learned from this incident that can benefit all organizations. We can hold this event up as an example that even in offices with what most would consider the absolute top echelon of security, common vulnerabilities and bad practices can be found. The following are a few things that those protecting our government, and even those who seek to protect their own organizations, could learn from the events of January 6th.

1. Know your vulnerabilities and understand your risk

When building a cybersecurity plan, it is worth considering what risk your organization carries. As one of the most important buildings in our government, the Capitol carries risk at the highest level, and is of great interest to actors from international governments, both friend and foe. While the attack on the Capitol seemed initially to be an out-of-control protest, it was quickly apparent that there were several layers. The base layer of a “violent mob” made up of ill-prepared protestors helped to cover up and obfuscate the actions of a smaller group of insurrectionists with clear, violent goals and the tools to pursue them. It must be assumed, however, that there was likely another layer beyond this, one of D.C.-based foreign intelligence operatives who would have the opportunity and resources to use the attack as cover to penetrate the Capitol and engage in espionage. Under normal circumstances, the threat from a spy might seem the least likely to actually occur, but cybersecurity operations must prepare for their WORST threat, not only the most likely ones.

Security preparations for the state capitol buildings this week, and for businesses in the future, should account for the worst plausible scenario, not merely the one considered most likely. However, the lack of preparation at the Capitol last week, if it was truly an oversight, can be seen as a failure in threat intelligence. The people attacking the Capitol planned their actions on open forums such as Facebook. Before the attack, there was a large, publicized rally, attended by members of our government, with a clear intent to march on the Capitol. The threat was clear that day, and for long before, and the impact could have been (and still could be in the case of future attacks) mitigated by practicing some of the most basic aspects of good cybersecurity hygiene.

2. Enforce your policies

Understanding your risk is the first step to proper protection, and writing policy is typically the next. The suggestions I make here are honestly not novel, and it is likely that all the potential policy mentioned is already in place. Writing policy is fast, free, and easy. Policy, however, does no good if it is easily ignored, as it often is. Employees “breaking the rules” often do so out of convenience and, without training, may not even be aware of certain policies, especially if it is a policy that the office culture has “trained” employees to ignore. Without automated or manual checks on employee compliance with policy, changes to cybersecurity policy can end up meaning little more than the best intentions of a quickly forgotten New Year’s resolution.

3. Clean screen and clean desk

Photos published after the attack on the Capitol building include a photo of a computer on an office desk, still logged in, with email open. It’s being used as evidence that the employees had to take unexpected and unusual action and evacuate their office with haste. Access to this computer could be a vector for a great deal of future damage. Malware could have been installed, and emails could have been copied and analyzed for sensitive information and for future phishing and social engineering efforts. Files from the computer could have been copied. The truth is that it’s unlikely that any of these actions would have left a traceable trail, and it may be impossible to confirm whether there was a compromise.

A common policy is the “clean screen” policy, which demands that an employee’s computer be locked whenever the employee is not present and actively using the computer. Your staff’s computers, desktop and laptop, WFH or WFO, should be locked whenever unattended. This can be done manually when the employee leaves their desk, but a measure should be in place to do so automatically after a short amount of time. It is not uncommon for an employee to leave their computer open for a short run to the printer or to grab a cup of coffee, but these short trips can turn into longer ones than planned! In an emergency, it will not matter whether the employees had time or remembered to lock their stations. It will have been done automatically. Of course, this policy does little good if it goes unheeded, so random testing or another form of enforcement will go a long way.

A notch up in security would be to institute a Clean Desk policy as well, so that no information is left on a desk overnight, or even for short periods. Desks and computers at the state capitols, even when the computers are off, are covered in written notes and other information that could be used for social engineering or to otherwise aid a cyberattack.

4. Inventory hardware and files

About two hours after the attack, the building was announced to be “clear,” though it seemed an impossibly short time to confirm that no dangerous people or equipment remained in the building. In terms of physical security, those charged with protecting our members of Congress decided that the attack was over and the work of confirming President-elect Biden could continue. On the cybersecurity side of things, there was no such official call, though reporters are already referring to the event in the past tense and downplaying the potential cybersecurity implications of the attack.

Many of the directives coming out now have no hope of proving a negative. Inventory now is only as helpful as the quality of the inventory done before the attack. It will likely never be possible to know for sure whether files are missing, copied, or altered, or whether hardware has been stolen or modified. The best that reporters, and even cybersecurity professionals, can do now is to make guesses about vulnerability and hope that the safeguards that were in place were enough to prevent any liability.

The theft of the laptop from Pelosi’s office has been downplayed, as the particular laptop is being characterized as a piece of projection equipment, something only used to “put your PowerPoint on”. It is not seen as a vulnerability now that it’s missing, and it was likely not treated as sensitive when in use. A policy for removing presentations after they were no longer in use was likely not in place. Presentations given to the Speaker of the House, or even by the Speaker herself, could very likely have remained as forgotten files on this peripheral laptop. It’s also possible that, out of convenience during a meeting, this laptop was occasionally used to go online, log into websites, or pull files from cloud sources, and that this was then forgotten. As this laptop was likely not considered subject to security policies, it is very plausible that passwords, browsing history, and other PII could be extracted from it. Equipment such as this must be inventoried, and its contents should also be tracked and deleted when appropriate.

5. Have a reasonable remediation plan in place and follow it

Have a business continuity plan. As I mentioned before, it seemed oddly fast that the building was cleared physically after the attack, but it was (and remains) impossible to have “cleared” the cybersecurity threat. Though the number of devices that could have potentially been compromised is likely low, it is necessary in this situation (as it would be in your organization) to assume that all devices have been compromised. As Congress reconvened without delay to finish the night’s work, it is unlikely that any hardware was replaced, as will likely be part of the ongoing remediation effort. Without the plan or infrastructure to replace this hardware quickly, employees spent the night working on devices that could have been compromised, accessing a network that may have been breached, in a building that could still be hiding an untold number of malicious hacking devices and tools of espionage.

In truth, any cyberattack associated with this massive penetration is likely ongoing and will not be detected for many months, if ever.


Stel Valavanis, CEO onShore Security, is an internationally-recognized security thought leader. Valavanis is a member of Chicago Arch Angels and is an investor in a number of early-stage tech companies. He currently sits on the board of several leading nonprofits including the ACLU of Illinois where he advises on digital privacy. Valavanis is also an active alumnus of the University of Chicago.
