Last year went out with a bang infosec-wise with the SolarWinds and FireEye breaches, and 2021 has come in with a bang given the attack on the Capitol in Washington DC and the inauguration of a new president of the US. What do these events presage for the information and IT security industries and professionals in the US and internationally?
Although it is still too early in the new US administration to garner firm ideas on what the administration will do vis-a-vis cyber security and international cooperation, the initial signs are positive. However, there is much to do within the US government itself, given the accepted assumption that there are bad actors within its infrastructure and that there is no currently available official assessment of what was compromised during the invasion of the Capitol.
I expect that the main focus will be on identifying and recovering from any breaches, followed by work to improve the underlying infrastructure security. There will also be a necessary focus on the US-led cyber industry, particularly given the previous events concerning SolarWinds and FireEye.
Other than the Five Eyes surveillance alliance, I believe that security cooperation with international cyber companies will be a lesser focus, particularly given the US cyber industry’s role outside the US.
However, there are other lessons to be learned, mainly because of the attack on the Capitol. Firstly, there is evidence of insider assistance to those attacking the Capitol. Stated plainly, there were insider threat sources and insider threat actors. No cyber professional or anyone in a human resources role should ignore this.
For the new administration, this will necessitate a root-and-branch overhaul of the security vetting procedures for all administration staff and contractors and all elected officials and their staff. There will be opposition, particularly from the elected representatives, but given the scale of the Capitol breach, it needs doing and doing urgently. Because the attackers got into the Capitol and some items, including laptops, were stolen, the building’s IT infrastructure could have been breached under cover of the attack, which raises the issue of physical security and how staff should react in such a situation.