Bruce specializes in next generation security technologies including trusted computing, software assurance, wireless security, and security operations. He is skilled at managing large teams of technical performers. Bruce is also an author of several books and articles. He speaks at a wide variety of security conferences including ShmooCon, DefCon, and Blackhat. Bruce is the Founder of Shmoo Group of security, crypto, and privacy professionals.
The violent pro-Trump mob that stormed the Capitol on Wednesday exposed not only glaring weaknesses in the legislative body’s physical security but also its digital and operational security, according to experts. The intruders were able to roam the halls of Congress and at certain points had unfettered access to some lawmakers’ offices and computers. One rioter left a note in front of a computer in House Speaker Nancy Pelosi’s office saying, “We will not back down.” Sen. Jeff Merkley, D-Ore., said a laptop was stolen from his office. There is no public evidence that devices were tampered with. But some experts are hoping that, in addition to a likely investigation into the failures of physical security measures, lawmakers take the opportunity to review their own digital security practices, which have long been a concern. The insurrectionists who breached the Capitol were unsophisticated opportunists who were more interested in taking selfies...
Close-access attacks can be difficult to detect and mitigate. If an adversary has unfettered physical access to a network or physical space, the only limits to the type of access they can get is their imagination and resources. Close-access attacks require some preparation and targeting, so attacking the Capitol space and networks as a target of opportunity would be difficult.