Here’s what we learned from the Colonial Pipeline CEO’s testimony today
In recent weeks, cybercriminals have increasingly targeted organizations that play critical roles across broad swaths of the US economy. The fallout from those attacks show how hackers are now causing chaos for everyday Americans at an unprecedented pace and scale.
Energy Secretary Jennifer Granholm on Sunday warned that “very malign actors” had the US in their sights after attacks on a pipeline, government agencies, a Florida water system, schools, health care institutions and, even last week, the meat industry and a ferry service to millionaire’s playground Martha’s Vineyard.
“Even as we speak, there are thousands of attacks on all aspects of the energy sector and the private sector generally … it’s happening all the time,” Granholm told CNN’s Jake Tapper on “State of the Union.”
The Justice Department signaled last week that it plans to coordinate its anti-ransomware efforts with the same protocols as it does for terrorism, following a slew of cyberattacks that have disrupted key infrastructure sectors ranging from gasoline distribution to meatpacking.
Deputy Attorney General Lisa Monaco issued an internal memo directing US prosecutors to report all ransomware investigations they may be working on, in a move designed to better coordinate the US government’s tracking of online criminals.
The memo cites ransomware — malicious software that seizes control of a computer until the victim pays a fee — as an urgent threat to the nation’s interests.
“We must enhance and centralize our internal tracking of investigations and prosecutions of ransomware groups and the infrastructure and networks that allow these threats to persist,” Monaco wrote.
The tracking effort is expansive, covering not only the DOJ’s pursuit of ransomware criminals themselves but also the cryptocurrency tools they use to receive payments, automated computer networks that spread ransomware and online marketplaces used to advertise or sell malicious software. The DOJ directive requires US attorneys’ offices to file internal reports on every new ransomware incident they hear about.
Some more actions: As part of the Biden administration’s effort to grapple with the threat from ransomware, the Transportation Security Administration also issued a security directive last month mandating that critical pipeline operators comply with several cybersecurity measures, including reporting cybersecurity incidents to the department within 12 hours and designating a “24/7, always available” cybersecurity coordinator.
The cyberattack on the Colonial Pipeline exposed how ransomware, which is primarily a criminal, profit-driven enterprise, “can rise to the level of posing a national security risk and disrupt national critical functions,” a DHS official said when the directive was announced.
The top lawmakers on the Senate Homeland Committee, Sens. Gary Peters, a Michigan Democrat, and Rob Portman, an Ohio Republican, introduced legislation in April that would establish a cyber response and recovery fund to help companies recover from significant cyber attacks.
CNN’s Geneva Sands contributed reporting to this post.