INSIGHT
Cybersecurity Concerns Related to the Recent
Breach of U.S. Capitol Security
January 12, 2021
On January 6, 2021, individuals breached the U.S. Capitol security while a joint session of Congress met
to certify the 2020 presidential election electoral votes. Upon illegally entering the Capitol, they entered
and searched offices throughout the building. In the wake of this incident, experts in the cybersecurity
community have been discussing issues related to how the event unfolded and what risks it raises to
cybersecurity in its aftermath. Among those issues are:
• the role of social media platforms in enabling violent groups to organize and carry out
  their objectives, and the role of government in monitoring that speech;
• the use of public communications networks for alerting congressional building occupants; and
• the risk to information and technology from unauthorized and unscreened persons’ access
  to the U.S. Capitol.
This Insight discusses these issues and summarizes concerns raised among the cybersecurity community.
It does not discuss related issues, such as internet regulation, violent extremism, law enforcement
responsibilities, or U.S. Capitol security.
The Role of the Internet
Cybersecurity experts have studied and warned of the use of social media to bolster the recruiting,
indoctrination, training, and organization of extremist groups. The constitutionally protected right of
free speech remains a significant aspect of the debate as policymakers seek to combat online extremism.
News media report that the individuals who breached the U.S. Capitol security used websites and social
media to organize that effort. In 2020, some private sector research firms were tracking this specific
behavior online and reported on it.
While some cybersecurity experts cite advantages in leveraging social media for situational awareness
and law enforcement purposes, others assert that social media facilitated the incident. Senator Mark
Warner has asked social media companies to preserve data posted during the event, raising competing
issues of free speech and national security.
Congressional Research Service
https://crsreports.congress.gov
IN11572
CRS INSIGHT
Prepared for Members and Committees of Congress
The incident on January 6 highlights some, but not all, of the issues surrounding this debate.
• What responsibilities do social media companies and web hosting providers have, or
  ought to have, to monitor their platforms for violent and/or extremist content and take
  action (e.g., remove that content or report the behavior to authorities)? The federal
  government previously debated limits on what may be posted and shared online and
  established the requirement for internet companies to report on child exploitation.
• What is the appropriateness and adequacy of federal agencies’ open source intelligence
  collection and reporting coordination? Agencies have sought capabilities to monitor and
  collect information from social media platforms and websites. In doing so, some experts
  scrutinized the activity and wondered what systems or safeguards would be employed to
  prevent abuse.
Communications Systems
During emergencies, authorities rely on a variety of communications systems to alert people working in
the U.S. Capitol complex. The U.S. Capitol Police used such a system on January 6, 2021. The
distribution of these alerts relies on both internet-based (e.g., email and Wi-Fi networks) and
cellular-based (e.g., SMS communications) systems to deliver messages. Concurrently, both occupants and
individuals who breached Capitol security used social media to communicate their presence and status at
the Capitol. While the volume of communications indicates that systems worked as intended, lessons from
January 6 could be used to inform future decisions on both the shared use and resiliency of these
systems. Some issues concerning the use of communications systems include, but are not limited to, the
following.
• What are the common communications plans for occupants and visitors to the U.S.
  Capitol complex and what fault tolerance (e.g., resiliency, redundancy, and graceful
  degradation) is in place to ensure information and communications systems are operable
  in an emergency?
• What capabilities do information technology (IT) security officials possess to filter or
  limit communications in an emergency and what are the protocols for employing such
  capabilities?
Physical Security of IT
Among the most widely discussed concerns are the risks introduced by the loss of physical security
during the incident. News media report that offices were “ransacked” and laptops stolen. Cybersecurity
experts warn that the loss of physical security increases the possible risk of lost data; corrupted
devices; the introduction of unauthorized devices or applications; and compromised networks.
In response, the House Office of the Chief Administrative Officer issued a letter assuring users that the
Office of Cybersecurity took steps to protect IT and that as of January 7, 2021, there is no evidence of a
compromise. However, they also encouraged users to account for all IT devices and change passwords for
potentially exposed equipment and accounts.
Cybersecurity experts identify physical security as a foundational element of cybersecurity. In the
aftermath of the incident, and following incident response guidelines, IT teams will likely be conducting
inventories, sweeps, and forensic analyses in an effort to identify and mitigate potential compromises.
Policymakers may seek additional information about this response.
• How will IT teams ensure the security of devices or information already or potentially
  compromised?
• Do IT response teams have a plan to execute in this situation? If not, what lessons are
  being tracked and implemented if a similar response is needed in the future? Are IT teams
  resourced to implement these plans and any lessons learned?
• Do IT response teams have adequate resources to investigate and, if necessary,
  reconstitute IT systems and networks?
• If additional assistance is necessary from executive branch agencies, what protocols will
  be in place to protect the separated relationship between the executive and the legislative
  branches?
• Are IT administrators empowered to make changes, or are there barriers which require
  further debate?
Author Information
Chris Jaikaran
Analyst in Cybersecurity Policy
Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff
to congressional committees and Members of Congress. It operates solely at the behest of and under the direction of
Congress. Information in a CRS Report should not be relied upon for purposes other than public understanding of
information that has been provided by CRS to Members of Congress in connection with CRS’s institutional role.
CRS Reports, as a work of the United States Government, are not subject to copyright protection in the United
States. Any CRS Report may be reproduced and distributed in its entirety without permission from CRS. However,
as a CRS Report may include copyrighted images or material from a third party, you may need to obtain the
permission of the copyright holder if you wish to copy or otherwise use copyrighted material.
IN11572 · VERSION 1 · NEW