Hi, former HPSCI staffer here. Congressional offices deal in unclassified information. Most of the things they deal with are open source. Classified information is dealt with in designated Congressional SCIFs. No indication those were breached.
Quote Tweet
The natsec/infosec implications of the coup attempt are staggering - not just in Pelosi's office. They'll need to assume all systems and physical files were compromised, and catalog what of each was stolen, altered or destroyed
As someone who worked up there most of her career, and through many forced evacuations, I'm not worried about this incident from an infosec perspective. There are many *other* things I worry about from an infosec perspective for Congress.
Yes, but the segregation of the House offices from each other limits the ability to aggregate mass data by physical access to a particular office.
Short-sighted. Don't need control list but let's hear how this was threat modeled. pwds.xls saved on the desktop no big deal? Combining data, possible acct compromise leading to pivot like impersonation are trivial? No email forwarding either way & filtered (DLP) right? ISE & USB?
535 Congressional offices + committees operate largely independently. Hard to do a systemic compromise of Congress. Relative risk of this attack vs. baseline porous nature of Congress is small, because it was already so easy to pwn an office on extant physical/remote access.
Sorry, no. Unclassified != not sensitive, because (1) aggregation - 5 or 50 U/C documents can allow sensitive inferences to be drawn, (2) there's likely personal data in there which can be leveraged. Ex-UK public sector security.