All these takes about “shocking photos of *unlocked* congressional computers” are really bad. 1) Congress is like over 500 executives and their assistants in terms of computer support, and 2) it’s our responsibility as infosec pros to make stuff like that automatic and intuitive.
3) How many of you actually can confirm you would lock your computer in an active shooter situation?

Should be food for thought about how to make this happen without a user having to hit a shortcut or menu item in a similar future scenario.
But anyway, another weird take I see all over is, “how many foreign agents embedded malware today in the crowd”.

Like, I don’t know, but I would not wager unclass congressional computers are bastions of cybersecurity controls. A bunch of powerful, non-techy people use them.
Those adversaries were very likely there already through cheaper conventional means.

Unfortunately, their IR will absolutely have to treat every device as potentially compromised or tampered with because there is no way to be sure. Maybe they’ll find some older implants. 🤷🏻‍♀️🍸
Another weird take I see is that it’s all okay or not bad if a bunch of data was stolen from congressional computers because the computers were only unclass, but combining a bunch of less sensitive data together can raise its sensitivity, so I find that kind of cold comfort.
Anyway just my synopsis of cybersecurity takes that made me drink more today.
You can follow @hacks4pancakes.