Does Trump's Second Impeachment Have Cybersecurity Impact?
Experts Say No, But Expect Adversaries to Look for Exploitable Chaos
President Donald J. Trump was impeached by the House of Representatives on Wednesday on a charge of inciting an insurrection, one week after a riot at the U.S. Capitol led to the deaths of five people.
Many experts don’t believe the impeachment will have a direct impact on cybersecurity. But they warn that the ongoing turmoil surrounding the White House could create fresh opportunities for adversaries seeking to exploit chaos for their own ends.
The House voted 232-197 in favor of impeachment. Ten Republican lawmakers and all Democratic House members supported impeachment. It’s the second time Trump has been impeached during his term, and the first time a president has ever been impeached twice.
The impeachment caps a turbulent period since the Nov. 3, 2020, presidential election in which now President-elect Joe Biden won the Electoral College vote.
Trump has falsely asserted he won the election, claiming pervasive fraud without evidence, a notion that has gained wide traction with his followers. Biden is scheduled to be inaugurated on Jan. 20.
“I am concerned that adversaries will try to take advantage of the current disorganization at the White House irrespective of impeachment,” says Christopher Painter of Stanford's Center for International Security and Cooperation. Painter served under former President Barack Obama as senior director for cyber policy and acting cyber coordinator for the National Security Council.
Insider Threats
Painter says he’s also worried about the potential cybersecurity implications of electronic devices being stolen during the Capitol riot.
Legislators reported stolen electronics following the riot, including laptops from the offices of House Speaker Nancy Pelosi and Sen. Jeff Merkley of Oregon.
The physical breach of the Capitol has raised questions about whether foreign intelligence agents may have blended in with the group that accessed the building. Physical access to devices, network ports and other infrastructure could offer opportunities to infiltrate networks (see: Rioters Open Capitol's Doors to Potential Cyberthreats).
“I would guarantee that foreign operatives took advantage of the riot to steal laptops,” says Tom Kellermann, head of cybersecurity strategy at VMware Carbon Black.
U.S. officials are bracing for more protests and possible violence in Washington and state capitols in the next week. The New York Times reports federal authorities issued a Joint Intelligence Briefing warning of threats from “domestic violent extremists.”
Some of the participants in the Jan. 6 riot have been identified as off-duty law enforcement officers who traveled to Washington.
Also, the Secret Service is investigating an officer who posted Facebook content that suggested lawmakers who accepted the outcome of the Electoral College vote committed treason, The Washington Post reports.
That raises the question of whether other law enforcement officers or military members who support the extremist movement may represent insider threats.
Some of the largest exfiltrations of data from U.S. systems have been perpetrated by insiders such as former National Security Agency contractor Edward Snowden and Chelsea Manning, says Alexander Urbelis, a partner at the Blackstone Law Group in New York and former acting CISO for the U.S. National Football League.
“Insiders always have and always will pose a cybersecurity threat, and that rule applies to the government just as much as it does to the private sector,” Urbelis says.
Leadership Shuffle
The Capitol riot touched off a string of resignations of top national security officials. The acting secretary for the Department of Homeland Security, Chad Wolf, resigned on Monday, although he did not cite the riot as a reason for leaving. DHS oversees the Cybersecurity and Infrastructure Security Agency, or CISA.
Other officials in the national security chain who have resigned include Matthew Pottinger, who was the White House’s deputy national security adviser; John Costello, the Commerce Department’s deputy assistant secretary for intelligence and security; and Anthony Ruggiero, a senior official on the National Security Council, according to news reports.
Biden’s administration has been forming a new national security team. He has selected Alejandro Mayorkas, who was a DHS deputy secretary under Obama, to lead the agency. There have been concerns, however, that a Senate impeachment trial may hold up confirmation hearings for Biden’s appointees.
Painter says a Senate impeachment trial is unlikely to detract from Biden’s cybersecurity agenda or cabinet appointments. The Senate’s impeachment trial will be held after Biden’s inauguration, but not necessarily immediately.
Biden is reportedly pushing for ways to ensure that hearings related to Cabinet appointees can proceed in spite of a trial (see: What a Joe Biden Presidency Means for Cybersecurity).
Painter adds that Biden can appoint a deputy national security adviser until his nominated appointee gets a hearing. The deputy would not require a Senate confirmation vote, so that individual could start work upon Biden’s inauguration, Painter says.
The leadership shuffle comes as the U.S. continues to investigate one of the most significant and complex intrusions into government systems and private companies.
Hackers infected SolarWinds' Orion network monitoring product with a backdoor that affected as many as 18,000 companies.
A much smaller number were targeted with second-stage malware. Among those victims are FireEye, Microsoft and up to 10 U.S. government agencies, including the Department of Justice and branches of the Pentagon, as well as the Commerce, Homeland Security, State, Energy and Treasury departments.
The U.S. government and others say the SolarWinds supply chain attack appears to have been an espionage campaign run by Russians. Investigators are continuing to probe the breach, identify victims and catalog what data may have been accessed or stolen (see: SolarWinds Attack: Pointing a Finger at Russia).
Gregory Touhill, who was the first U.S. federal CISO and is a retired Air Force general, says the U.S. has much to do to better protect itself from cyber threats, which since the election include the SolarWinds threat, civil unrest and continued misinformation and disinformation.
“Both public and private sector organizations are on high alert for potential cyberattacks, and many are reassessing their cyber readiness posture,” says Touhill, who is now president of Appgate Federal.