Biden leading ‘whole of government’ response to Colonial Pipeline attack

President Biden and top administration officials said Monday they are taking a “whole of government” approach to both responding to the debilitating ransomware attack on Colonial Pipeline and to strengthening the security of critical utilities moving forward. 

“This is something my administration, our administration has been tracking extremely carefully, and I have been personally briefed every day,” Biden said during remarks on the economy Monday at the White House.

Biden’s remarks came days after Colonial Pipeline, which transports around 45 percent of oil used on the East Coast, announced it had been forced to shut down all operations after its IT systems were hit by a ransomware attack. 

The FBI said Monday that the company had been targeted by the “DarkSide” ransomware variant, and that cyber criminals were behind the incident, which is likely the largest successful cyberattack on a U.S. utility in history. 

Biden highlighted the 100-day sprint announced by his administration last month to improve electric sector cybersecurity, and said more actions would be forthcoming to ensure the security of other critical utilities. 

“Private entities are making their own determinations on cybersecurity, so to jump-start greater private sector investment in cybersecurity, we launched a new public-private initiative in April,” Biden said. “It began with a 100-day sprint to improve cybersecurity in the electric sector, and we will follow that with similar initiatives for national gas pipelines, water and other sectors. In addition to companies stepping up, we need to invest to safeguard our critical infrastructure.”

Top Biden administration officials stressed Monday that the federal government was taking an all hands on deck approach to tackling the impact of the attack. 

“We are taking a multi-pronged and whole of government response to this incident and to ransomware overall,” Anne Neuberger, Biden’s deputy national security adviser for cyber and emerging technology, told reporters during the White House briefing Monday. 

Elizabeth Sherwood-Randall, Biden’s homeland security adviser and deputy national security adviser, told reporters at the same briefing that the Department of Energy (DOE) was leading the interagency response, which also includes involvement by the departments of Defense, Homeland Security, Transportation and Treasury. 

“Beginning on Friday night soon after we learned of the shutdown, the White House convened an interagency team,” Sherwood-Randall said Monday. “We have met throughout the weekend.”

Sherwood-Randall noted that DOE had held calls with critical infrastructure owners and operators, along with state and local governments to assess impacts on the supply chain. 

Sherwood-Randall also announced that the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency will soon issue an alert for the critical infrastructure community to understand any further risks from the attack on Colonial. 

Neuberger stressed that a cyber criminal group, not a nation state, was behind the hack, and highlighted the Department of Justice and Department of Homeland Security’s new efforts to combat ransomware attacks. 

These types of attacks have spiked over the past year as cyber criminals targeted vulnerable systems increasingly relying on online systems, such as schools and hospitals, and the Department of Justice announced a task force aimed at combating ransomware last month. 

Biden on Monday noted that confronting ransomware was an international effort as well. 

“My administration will be pursuing a global effort of ransomware attacks by transnational criminals who often use global money laundering networks to carry them out,” Biden said.

The pipeline attack comes as the administration is finalizing an executive order designed to improve federal cybersecurity, which officials have previously said will include around a dozen actions.

The order was put together by an administration that has been forced to confront two major cyberattacks in recent months. 

The SolarWinds hack, which was formally attributed to Russia last month, compromised nine federal agencies and 100 private sector groups for around a year prior to discovery, while newly announced vulnerabilities on Microsoft’s Exchange Server potentially compromised thousands of groups.

“My administration takes this extremely seriously,” Biden said of cyber threats on Monday.