Hack the Capitol Highlights and What To Know

The past few years proved challenging for cybersecurity professionals. Many companies had to transition to a remote or hybrid working environment by leveraging new digital technologies, which expanded the cybersecurity threat landscape.

Cybercriminals see the pandemic as an opportunity to capitalize on the vulnerabilities of remote workers and people’s interest in COVID-related news. Because cybersecurity is top of mind for many people, various events occur throughout the year to address some major concerns in the cybersecurity industry. One notable event in early May was called “Hack the Capitol 5.0”.

Continue reading to learn more about Hack the Capitol, some of the event’s major highlights and what the future holds for cybersecurity.

What is the Hack the Capitol Conference?

On May 4, 2022, the Hack the Capitol 5.0 conference took place in Washington D.C. and was a hybrid event that people could attend virtually.

The National Security Institute (NSI) partnered with various organizations, including ICS Village, Crowell & Mooring, R Street Institute, The Atlantic Council and Cyber Bytes Foundation, to host the fifth installment of Hack the Capitol. Another partner of the event was the Maryland Innovation Security Institute.

The free one-day conference had three different programming tracks attendees followed, including:

• Policy panels and presentations with keynote speakers and fireside chats from government officials
• “Technical Talks” that offer deep dives into leading cybersecurity issues
• An Exhibition Hall that includes demonstrations (some were hands-on) of various industrial control systems
  

Three keynote speakers at the event were:

• Chris Krebs, Former Director of the Cybersecurity and Infrastructure Security Agency (CISA)
• Jen Easterly, Director of CISA
• Congressional members Rep. Jim Langevin (D-RI), Rep. Elissa Slotkin (D-MI) and Rep. Lou Correa (D-CA)
  

It’s reported that this year’s Hack the Capitol conference was extremely successful, with over 1,000 registrants and attendees from both public and private sectors.

Highlights from Hack the Capitol 5.0

One goal of Hack the Capitol is to educate congressional staffers, cybersecurity professionals, the press, and scholars about some of the most pressing cybersecurity issues the nation is currently facing. The event is also meant to help the cybersecurity industry enhance its posture in an increasingly threatening landscape.

Attendees were happy to return to an in-person or hybrid format for this year’s conference. Additionally, there were qualified professionals representing several tracks, from government agencies to academia experts.

Below are some of the main highlights from Hack the Capitol 5.0.

More Focus on Cybersecurity From the Federal Administration

David Brearley, operational technology cybersecurity director at HDR, an engineering, architecture, construction and environmental services company, noted a renewed focus on the federal government’s vocal support of cybersecurity.

This month, a Washington Post article mentioned that the federal government’s top cybersecurity agency, CISA, made significant improvements toits monitoring tools to gain visibility into potential cyber threats.

CISA also reported that it now has more authority to force agencies to fix any digital vulnerabilities before cybercriminals exploit them. The federal government needs to take cybersecurity seriously and empower its agencies to enforce strict cybersecurity standards.

Primary Theme: Cybersecurity for Critical Infrastructure

A primary theme noted in this year’s Hack the Capitol was the need to improve cybersecurity among non-regulated U.S. critical infrastructure. Many believe that these industries could greatly benefit from enhancing their cybersecurity posture.

Because many critical infrastructure sectors, such as energy, water and manufacturing, depend on each other, one single attack is capable of disrupting each sector individually. Attacks on critical infrastructure are becoming increasingly concerning because the consequences of these attacks are far-reaching.

Outcome-Driven Cybersecurity vs. Being Compliant

Another topic often discussed in the industry and at this year’s Hack the Capitol is the difference between maintaining a strong cybersecurity posture versus following compliance requirements. Remaining compliant in cybersecurity is a good step in the right direction. Still, it can leave an organization or agency more vulnerable. As cyberattacks become more sophisticated and harder to detect, industries need to take more action to move beyond compliance.**
**

For example, any contractor involved in Department of Defense (DoD) projects must now meet Cybersecurity Maturity Model Certification (CMMC) requirements. These requirements include implementing stringent cybersecurity practices to safeguard sensitive information. If an organization meets the CMMC requirements, they are considered more “mature” in terms of cybersecurity. Modern cybersecurity practices must be outcome-driven rather than driven by compliance requirements.

Addressing the Rise of Ransomware Attacks

Executive director and co-founder at the IT Acquisition Advisory Council John Weiler felt that the Critical Infrastructure and Ransomware panel was hard-hitting. Weiler said it’s scary to think about how state-controlled gangs use effective ransomware tools for their attacks. It’s common for these organizations to focus on keeping data hostage in exchange for payment rather than being concerned about stealing the data itself.

For example, REvil and Darkside are two well-known cybersecurity gangs that launched ransomware attacks on JBS Foods USA and Colonial Pipeline Co., respectively. The ransomware-as-a-service (RaaS) trend and availability to exploit toolkits make it easier for cybercriminals to execute attacks on critical infrastructure.

This is not an exhaustive list of takeaways from this year’s Hack the Capitol. However, these critical themes provide insight into the state of cybersecurity this year and how the industry should move forward.

Prioritizing Cybersecurity in 2022

As cyberattacks intensify and become a top concern for many public and private sectors, holding these industry events is essential. Keeping cybersecurity pros on top of the latest trends and encouraging thought leaders to share their ideas can help support the cyber community. It will be interesting to see what other events occur and what major topics are discussed regarding current cybersecurity issues.