"The bottom line is, people, whether you're private sector, public sector, whatever, you shouldn't be paying ransomware attacks, because it only encourages the bad guys," she said.
Granholm noted that U.S. adversaries are capable of using cyber intrusions to shut down the country's power grid.
"I think that there are very malign actors who are trying," Granholm said. "Even as we speak, there are thousands of attacks on all aspects of the energy sector and the private sector generally."
Colonial Pipeline was recently hit with a crippling cyberattack by a ransomware group known as DarkSide. Colonial temporarily shut down its gasoline distribution network in the South before paying $4.4 million to the hackers.
Granholm spoke in favor of having a law that would ban paying such ransom, though she said that she doesn't know "whether Congress or the president is at that point."
Industry experts are urging the government to ensure that critical infrastructure companies are prepared for attacks and to help them respond when attacks occur.
Colonial Chief Executive Joseph Blount said he authorized the ransom payment because the company was unsure how deeply the attackers had penetrated its systems. Blount said it was an option he felt he had to exercise given the stakes involved in a shutdown of such critical energy infrastructure.
"I know that's a highly controversial decision. I didn't make it lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this," Blount said. "But it was the right thing to do for the country."
The oil and gas sector has been criticized for lax cybersecurity regulation. Standards for American pipeline infrastructure are set by the Transportation Security Administration (TSA), the government agency in charge of airport screenings that has been traditionally understaffed and underfunded.
TSA had just six full-time staff members dealing with pipeline security until last year. That number has since increased to 34.
Rich Glick, chair of the Federal Energy Regulatory Commission (FERC), said that while stringent cyber regulations applied to the power grid, "there are no comparable mandatory standards" for the almost three million miles of pipelines in the country. FERC is responsible for setting cybersecurity rules for the electricity grid.
According to FERC Commissioner Neil Chatterjee, responsibility should be stripped from the TSA and shifted to the Department of Energy. "I was worried about the economic and national security implications of such an attack and we're seeing that in real time with what happened with Colonial," he said.
On May 12, President Joe Biden signed an executive order aimed at strengthening the country's cybersecurity defenses. The president's executive order calls for the federal government and private sector to partner in confronting "persistent and increasingly sophisticated malicious cyber campaigns" that threaten national security.
Biden's executive order requires IT service providers to tell the government about cybersecurity breaches that could affect U.S. networks, and removes certain contractual barriers that might stop providers from flagging breaches. It creates a standardized playbook and set of definitions for federal responses to cyber incidents. It pushes the federal government toward secure cloud services and other modern cyber infrastructure, and mandates deployment of multifactor authentication and encryption within a specific time period. It improves the security of software sold to the government, including by requiring developers to make certain security data publicly available. It establishes a "Cyber Safety Review Board" of public- and private-sector officials, which can convene after significant cyberattacks to analyze what happened and make recommendations. And it improves information sharing within the federal government by requiring a government-wide endpoint detection and response capability.
Former Secretary of State Condoleezza Rice said the U.S. and other countries should talk to countries such as Russia about law enforcement and intelligence cooperation. Rice said this would "test the reality of how much the Russian government is or is not involved" in these attacks.
A recent ransomware attack on meat processing company JBS SA was attributed to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months.
White House Press Secretary Jen Psaki said the U.S. is considering all options in dealing with the attack and that the president intends to confront Russian President Vladimir Putin about his nation's harboring of ransomware criminals.
"I can assure you that we are raising this through the highest levels of the U.S. government," she said. "The president certainly believes that President Putin has a role to play in stopping and preventing these attacks."