Question

Q. If you were the person, or on a team of individuals, responsible for developing a disaster recovery plan and business contingency plan, what would you have done to prepare for this type of disaster? Do you think the established Disaster Recovery Plan and Business Contingency Plan for this situation were adequate, based on the information and process identification presented in this chapter? Justify your answer.

The January 6 attack on Election Day certification proceedings in the US Capitol Building has deep cybersecurity ramifications.

By David Gewirtz for ZDNet Government | January 11, 2021 -- 14:21 GMT (06:21 PST) | Topic: Security

When hostile actors penetrated the Capitol Building on January 6, they gained access to individual chambers and offices and remained at large within the Capitol complex for well over two hours.

We have reports that items were stolen. One report comes from acting US Attorney for DC, Michael Sherwin, who stated "items, electronic items were stolen from senators' offices, documents and ... we have to identify what was done to mitigate that." My local Senator, Jeff Merkley (D-Ore.), reported that at least one laptop had been stolen.

Amid stolen laptops, lost data and potential espionage, the cybersecurity consequences of this attack will take months to sort out. Here's a look at the cybersecurity issues.

National security issues

While surveillance undoubtedly tracked many of the hundreds who made it inside the building, we cannot assume we know the exact second-by-second movements of everyone who gained entrance. That means there is absolutely no knowing what actions were taken against digital gear inside the building.

Passwords, documents, access codes, and confidential or secret information may have been stolen. We also need to assume that some computers may have been compromised, with malware loaded onto them. Since malware is key to any systemic penetration, we must assume that bad actors have gained some persistent, hidden, ongoing access to Capitol Building systems.

In all likelihood, only a small number of machines were probably compromised. But given the sensitive nature of information stored on digital gear inside the Capitol, and given that it may be impossible to quickly ascertain which devices were compromised, federal IT personnel must assume that ALL the digital devices at the Capitol have been compromised.

The situation is actually worse than it may appear at first. According to a USA Today timeline, Congress reconvened at 8pm on January 6. It's likely that staff computer use began mere minutes after Congress reconvened. Obviously, there was no way to completely lift and replace thousands of machines instantly. Therefore, from that moment until now, members and their staff have been using digital devices that may have been compromised. That means that all communications, files, and network connections from and to those devices may have also been compromised.

Physical access raises the stakes

If the Capitol's computers were penetrated by a traditional malware-driven hack followed by a breach over the Internet, mitigation could have been moderately straightforward, if not inconvenient and painful. Systems could have been scanned for malware, and -- in the most sensitive cases -- hard drives could have been zeroed or replaced.

But there were hundreds of unauthorized people in the building, people who were photographed having gained access to the desks and private offices of members. These people could have gone anywhere within the building.

We also have to assume that there were some foreign actors who entered the building by blending into the crowd. Yes, I know this sounds paranoid, but hear me out. We know that Russia and other nations have been conducting cyberattacks against America for some time.

We also know that the final congressional certification of ballots for the 2020 presidential election was Constitutionally mandated for January 6 -- and because of the heated rhetoric, it was all but a certainty that there would be crowds and unrest.

It is therefore highly likely that enemy (or frenemy) actors were likewise aware of the potential for unrest around the Capitol Building. While the specific details of exactly what would unfold in what order on January 6 were impossible to predict, there's good reason to expect that international handlers would find it prudent to keep small squads of agents on standby. That way, if the opportunity presented itself, they could surreptitiously insert those agents into the situation.

Therefore, we have to assume that some of the people who penetrated Capitol Hill were probably foreign actors. And from that observation, we have to expect one or more of those foreign actors who made it inside took some physical action against machines normally out of reach.
