House and Senate lawmakers will question the CEO of Colonial Pipeline Co. this week after the company was the victim of one of the most disruptive cyberattacks on U.S. energy.
Hearings before the Senate Homeland Security & Governmental Affairs and House Homeland Security committees will feature Colonial Pipeline CEO Joseph Blount and will focus on the protection of critical infrastructure.
The Colonial ransomware attack led to the shutdown of one of the largest pipeline systems in the U.S. for nearly a week and caused panic buying of gasoline, higher gas prices and supply disruptions of the fuel along the East Coast.
The hack showcased critical infrastructure vulnerabilities and led lawmakers to wonder whether the government should move forward with a heavier hand at overseeing private-sector infrastructure.
"The Colonial pipeline ransomware attack and the related fuel shortages laid bare three urgent challenges facing the nation: cybersecurity vulnerabilities in critical infrastructure, the need to build resilience into our networks and the profitability of ransomware," said House Homeland Security Chair Bennie Thompson (D-Miss.).
Several lawmakers have pushed bills in response to the incident, and President Biden issued an executive order to better secure the government and increase coordination with the private sector (Energywire, May 13).
Colonial’s decision to pay $4.5 million to the DarkSide ransomware gang will likely be a point of contention during the hearings as well as the company’s security practices.
Rep. Jim Langevin (D-R.I.) tweeted last month that he would "have some questions about Blount’s judgement" about the decision to pay DarkSide.
Energy Secretary Jennifer Granholm said that she is in favor of banning ransomware payments but noted that Congress and President Biden may not be.
"We need to send a strong message that paying a ransomware only exasperates and accelerates this problem," Granholm said on NBC’s "Meet the Press." "You are encouraging the bad actors when that happens."
The Senate Homeland Security Committee will also question the president’s picks for national cyber director, Chris Inglis, and director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, Jen Easterly.
The hearing comes at a time where ransomware attacks appear to be on the increase, with several other recent high-profile cases.
While ransomware has been an increasing problem over the past few years, recent attacks on the meat-packing company JBS, a Massachusetts ferry service and the Colonial pipeline have created new urgency.
Anne Neuberger, deputy national security adviser for cyber and emerging technologies, issued an alert with best practices that businesses can take to protect themselves against digital extortion.
Schedule: The Senate Homeland Security Committee hearing is Tuesday, June 8, at 10 a.m. in 342 Dirksen and via webcast.
Witness: Colonial Pipeline CEO Joseph Blount.
Schedule: The House Homeland Security Committee hearing is Wednesday, June 9, at 12 p.m. via webcast.
- Charles Carmakal, senior vice president of FireEye Mandiant.
Schedule: The Senate Homeland Security Committee nominations hearing is Thursday, June 10, at 10:15 a.m. in 342 Dirksen and via webcast.