WASHINGTON — President Biden’s homeland security adviser, Elizabeth Sherwood-Randall, told reporters Monday afternoon that, despite disruptions created by a ransomware attack on a major U.S. pipeline over the weekend, the White House is not immediately concerned about fuel shortages or major damage to critical infrastructure.
“Right now there is not a supply shortage,” she said at the daily White House press briefing. “We are preparing for multiple contingencies because that is our job. ... Colonial is currently working with its private cybersecurity consultants to assess potential damage and to determine when it is safe to bring the pipeline back online.”
Sherwood-Randall added that the pipeline can “be brought back online relatively quickly.”
The Alpharetta, Ga.-based Colonial Pipeline Co., which operates the pipeline that carries millions of barrels of gasoline, diesel and jet fuel to 45 percent of the East Coast, announced on Saturday it was the victim of a digital breach involving ransomware, a style of cyberattack in which hackers infiltrate networks, encrypt private files and demand payment in order to unlock them. In response, Colonial proactively took large segments of the pipeline offline to prevent further loss of data, it revealed in a statement on its website, halting the distribution of fuel from the Gulf Coast to New York.
While the company is in the process of slowly bringing parts of the pipeline back online, the incident highlighted both the increasing threat of ransomware and the dangers of a disruption to the operations of critical infrastructure.
Just days before Colonial learned it was the victim of a ransomware attack, Homeland Security Secretary Alejandro Mayorkas spoke about the challenge of the same type of increasingly prevalent digital disruption and its threat to national security.
“It is one of our most significant priorities right now,” said Mayorkas in prescient remarks during a webinar on ransomware hosted by the U.S. Chamber of Commerce on May 5. According to Mayorkas, ransomware attacks, which increased in frequency by 300 percent over the last year, cost victims more than $350 million in the same time frame. The style of attack is becoming easier to deploy and is profitable and effective for criminal groups and nation-states alike.
But perhaps more important for policymakers than the method of disruption is the heightened urgency to ramp up defenses, particularly for private sector companies that are classified as critical infrastructure, vital to the overall functioning of society. “It is not a matter of eliminating ransomware, it is a matter, quite frankly, of defending against the attackers,” Mayorkas said during the webinar.
A defensive mindset will be increasingly important as the Biden administration responds to the Colonial breach. The Department of Energy is leading the investigation into the intrusion, the latest in a recent string of high-profile digital penetrations, including the SolarWinds breach of a popular IT monitoring tool.
The U.S. intelligence community blamed the SolarWinds breach on the Russian intelligence service. In this case, the FBI linked the pipeline intrusion to DarkSide, a relatively new Russian entity made up of cybercriminals who claimed in a statement to be motivated entirely by profit, though they have hesitated in attacking any Russian targets thus far, according to researchers.
While cybersecurity experts have long warned about the vulnerability of U.S. critical infrastructure to digital attack — particularly as Russian actors have deeply penetrated the electric grid in recent years — the pipeline attack and the immediate disruption to the delivery of fuel across the eastern half of the country may crystallize that reality in a way previous intrusions haven’t.
“It’s incredibly concerning,” said Tobias Whitney, vice president of energy security solutions at the information security firm Fortress, a company that works directly with over 30 energy-related critical infrastructure companies to detect digital threats and share information.
Whitney said he’s currently advising clients that this kind of attack shouldn’t be seen as an isolated incident, solely affecting one oil and gas pipeline company. “This is proof that this type of threat, whether it’s ransomware or what have you, could very significantly impact or damage reliable operations for various critical infrastructure companies,” Whitney told Yahoo News in a phone interview.
In a statement to the press, Sen. Ben Sasse, R-Neb., called for the Biden administration to focus on “the hardening of critical sectors” as part of the infrastructure bill the White House hopes to pass.
The Biden administration is currently working on a plan to secure industrial control systems, from the pipeline to defense, gas, electricity, water and chemical systems, focusing on getting visibility into the companies’ systems and software in order to avoid, mitigate and respond to intrusions.
The need for enhanced information sharing has long been a popular response to major digital breaches, particularly as the U.S. government does not own the networks or companies that fall victim to many serious digital intrusions that could affect the economy and the overall national security of the country.
Whitney told Yahoo News there needs to be more clarity on what “information sharing” means for private sector companies, from what kind of information needs to be shared to what types of information are time-sensitive and which companies are within a firm’s technical supply chain. He suggested that administrators within the government could provide clarity on those requirements and “give these organizations some real meat, some tactical things to do” to work together to prevent and respond to digital threats.