The Biden administration is struggling to find an effective, robust counter to the cyberattackers who have repeatedly caught the U.S. flat-footed and disrupted Americans’ lives from the gas pump to the police station.
Cybersecurity leadership selected by President Biden last month remains uninstalled, and a federal cyber agency said Tuesday that it does not yet have the information it needs to prevent further attacks such as the one that hit a major fuel pipeline last week.
Colonial Pipeline shut down its pipeline while working to overcome a ransomware attack, in which malicious software holds data or computer systems hostage until victims pay the attackers in exchange for restored access.
The federal government has joined the company in trying to prevent a major gasoline shortage from the shutdown of the pipeline, which runs from Houston to New York and provides nearly half of all fuel consumed on the East Coast.
The Cybersecurity and Infrastructure Security Agency (CISA), the federal civilian agency tasked with preventing and fighting cyberattacks, told the Senate that it is waiting to receive technical information necessary to protect others from similar attacks.
“You still don’t have the information you need to be able to be responsive and provide support to critical infrastructure. Is that what you’re saying?” Sen. Rob Portman, Ohio Republican, asked the top CISA official, who appeared Tuesday before the Homeland Security and Governmental Affairs Committee.
“Yes, but that is not surprising given that it’s, they’ve only been working on the incident response since over the weekend and it’s fairly early,” said Brandon Wales, the agency’s acting director. “We … have had historically good relationship[s] with both Colonial as well as the cybersecurity firms that are working on their behalf. We do expect information to come from that, and when we have it, we will use it to improve cybersecurity more broadly.”
He said Colonial Pipeline did not contact his agency and likely would not have reached out if the FBI had not brought in the agency to assist with the response to the attack.
Alongside issues with information flow, the Biden administration is beleaguered by personnel problems. Top cybersecurity posts have stalled in the Senate confirmation process. Mr. Portman said senators are waiting for paperwork to be finalized for Mr. Biden’s nominee for the nation’s first national cyber director, John C. Inglis, who previously served as deputy director of the National Security Agency.
The nomination of Jen Easterly, another former NSA official, to run CISA also is pending.
Senate Democrats are mum about the holdup.
As the administration works to overhaul cybersecurity policy, victims of cyberattacks are stacking up across sectors that affect Americans’ day-to-day lives. In March, Buffalo Public Schools canceled classes for a day because of a “cybersecurity outage” reported to be a ransomware attack.
Late last year, the FBI detected an uptick in ransomware complaints that coincided with cyberassaults on hospitals and medical centers as the COVID-19 pandemic raged.
More recently, ransomware has afflicted law enforcement. Police departments of varying sizes from the District of Columbia to Presque Isle, Maine, have been hit with ransomware attacks since the start of April.
The full list of cyberintrusions in recent months is long and not limited to ransomware. Last month, CISA warned that hackers had breached Pulse Connect Secure products in government agencies, the private sector and critical infrastructure starting at least as far back as June.
Early indications suggest that five federal agencies were compromised in that hack, Mr. Portman said.
Nine federal agencies were compromised through the hack of SolarWinds computer network management software that was publicly disclosed late last year. Federal agencies are still working to recover from the intrusion. Microsoft Exchange servers have suffered from a large-scale hack. The company said China-based hackers were responsible.
The hacks look to have been espionage campaigns, and the Biden administration imposed sanctions on Russia in response to the SolarWinds hack. On Tuesday, Sen. Ron Johnson, Wisconsin Republican, wondered whether any evidence suggested that the pipeline cyberattack relied on information gathered from the SolarWinds espionage.
“My concern about what happened with Colonial Pipeline is it’s just a shot across the bow,” Mr. Johnson said. “These hacks, what was achieved with SolarWinds, is it is gathering information to be used at some point in time. Are we looking seriously in terms of how they may use that information and whether or not this might have been connected to Colonial Pipeline?”
“We are looking hard at the information that the adversary gleaned from SolarWinds, looking at reflections in intelligence, and the FBI is actively investigating the Colonial Pipeline incident,” Mr. Wales said.
The FBI has attributed the Colonial Pipeline cyberattack to DarkSide ransomware. The cybercriminals behind the pipeline attack are believed to be in Eastern Europe, and the Biden administration said the attackers look to be a criminal crew instead of a government.
The cyberintrusion against the pipeline could be felt most acutely by drivers along the East Coast in the coming days. AAA said the shutdown will exacerbate rising pump prices that already climbed 6 cents a gallon over last week.
Energy Secretary Jennifer Granholm warned gas station operators against price gouging in areas affected by the Colonial Pipeline outage. She also said there is no reason for drivers to start hoarding gasoline, just as she said there was no cause to hoard toilet paper at the onset of the COVID-19 pandemic last year.
The White House said the administration is monitoring fuel supply shortages, and Environmental Protection Agency Administrator Michael Regan waived vapor pressure rules on fuel sold in the District of Columbia, Maryland, Pennsylvania and Virginia to solidify the supply of gas through May 18.
To show their attention to the cyberattacks hitting the country, Democrats noted the increased spending of taxpayer money on cybersecurity.
At Tuesday’s hearing, Sen. Gary C. Peters, Michigan Democrat, touted his work helping to secure $650 million for the cyberagency as part of a larger COVID-19 relief package.
His Republican counterpart, Mr. Portman, questioned the effectiveness of that expenditure, but the price tag for government spending on cybersecurity is set to go up regardless.
Last month, Rep. Jim Langevin, Rhode Island Democrat, and Rep. Mike Gallagher, Wisconsin Republican, wrote to appropriators that $400 million more was urgently needed for CISA on top of the $650 million the agency already collected.
“Despite all the increased funding appropriated for cybersecurity and the bipartisan legislation we’ve worked on here in this committee, not one of these federal intrusions was discovered by the federal government,” Mr. Portman said.
⦁ Tom Howell Jr. and Ben Wolfgang contributed to this report.