Last year went out with a bang in information security with the SolarWinds and FireEye breaches, and 2021 has come in with a bang given the attack on the Capitol in Washington DC and the inauguration of a new US president. What do these events portend for IT and information security professionals and industries, both in the US and internationally?
Although it is still too early in the new American administration to gather firm ideas about what the administration will do in relation to cybersecurity and international cooperation, the initial signs are positive.
However, there is much to be done within the United States government itself, given the accepted assumption that there are bad actors within its infrastructure and that there is no official assessment currently available of what was compromised during the invasion of the Capitol.
My expectation is that there will be a primary focus on identifying and recovering from any breaches, followed by work to improve the security of the underlying infrastructure. There will also be a necessary focus on the US-led cyber industry, particularly given past events related to SolarWinds and FireEye.
Aside from the Five Eyes surveillance alliance, I think security cooperation with international cyber companies will be less of a focus, particularly given the role the US cyber industry plays outside of the US.
However, there are other lessons to be learned, particularly in light of the attack on the Capitol. First, there is evidence of insider assistance to those who attacked the Capitol. Simply put, there were insider threat sources and insider threat actors. No cyber professional or anyone in a human resources role should ignore this.
For the new administration, this will require a radical overhaul of security check procedures, not only for all administrative staff and contractors, but also for all elected officials and their staff. There will be opposition, particularly from elected representatives, but given the scale of the gap on Capitol Hill, it is something that must be done, and it must be done urgently.
The attackers actually entered the Capitol, some items, including laptops, were stolen, and the building’s IT infrastructure could have been breached under the cover of the attack. This raises the issue of physical security and how staff must react in such a situation.
A full physical security investigation should be conducted, along with the development of a full inventory of the assets that were taken, including data and information assets, not just hardware items.
Social media, both major platforms and private social groups, played an important role in organizing and coordinating the attack on the Capitol, and this could indicate that the new US administration will try to do more to monitor these channels.
However, such monitoring raises the question of how social media should be viewed. Is it a common carrier, or does the definition of common carrier only apply to the underlying Internet path that a social media communication travels?
Another aspect of monitoring is the area of freedom of expression and Big Brother-style monitoring. This is a complicated area and I will not comment, except to say that there are some companies that offer reputation monitoring services to the commercial sector, although care must be taken with country-specific regulations and legal obligations, including, but not limited to, the UK Data Protection Act 2018, UK Investigative Powers Act 2020 (similar powers exist under the US Patriot and Liberty Act), the General Data Protection Regulation of the EU and, of course, the US First Amendment. Time will tell what happens next.