Ride the Lightning
Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.
Assault on the Capitol: Stolen Computers Are Not a Major Concern
January 12, 2021
Assault on the Capitol: Stolen Computers Are Not a Major Concern
TechCrunch reported on January 8 that the theft of two computers in the January 6 storming of the Capitol is a not a cybersecurity nightmare, in spite of some histrionic headlines that suggested otherwise.
One of the computers was a laptop taken from House Speaker Nancy Pelosi's office. In the unlikely event that this laptop had sensitive data, no doubt it was remotely wiped as soon as the theft was discovered.
Bear in mind that the offices of elected officials are almost public spaces. Tours go in and out, meetings with foreign dignitaries and other members of Congress are held, and lots of civil servants without security clearances come and go. The administrative and legislative work done on these computers would not be apt to have highly sensitive information.
Most people were working from home, so it is unlikely that there was a lot of critical business being conducted on the desktops/laptops in these offices. Classified data resides in the access-controlled SCIF, not on random devices in unsecured areas.
The stolen laptop is reported by Reuters as having been part of a conference room's dedicated hardware — probably an older computer that allowed you to project your PowerPoint. This was not Pelosi's personal laptop, which might indeed have had sensitive data.
I agree with TechCrunch: It's very likely that the most that will result from the theft of government computers on Jan. 6 will be inconvenience or some embarrassment if some informal communications become public. Staffers have indeed been known to gossip or grouse.
Mind you, the folks who stole government property will nonetheless be prosecuted.
The much greater threat to national security was the extensive infiltration of government contractors and accounts through the SolarWinds breach. Those systems are packed with information that was never meant to be public and will likely enable credential-related attacks for years.
Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson