Government says Colonial Pipeline has not shared data on hack

The Department of Homeland Security’s top cyber agency said Tuesday that it has not yet received important technical information from Colonial Pipeline regarding the crippling hack that led it to shut down a key fuel pipeline last week.

Acting Cybersecurity and Infrastructure Security Agency (CISA) Director Brandon Wales told the Senate Homeland Security Committee at a hearing that Colonial Pipeline did not reach out to his agency and that CISA was brought in by the FBI to deal with the breach.

“We received information fairly quickly in concert with the FBI. Right now, we are waiting for additional technical information on exactly what happened at Colonial so that we can use that information to potentially protect other potential victims down the road,” Wales said.

While he said he does not believe Colonial would have contacted CISA if the FBI hadn’t looped in his agency, Wales said he expects the company will be forthcoming with the data surrounding the hack.

“We have had historically a good relationship with Colonial as well as the cybersecurity firms that are working on their behalf. We do expect information to come from that, and when we have it, we will use it to help improve cybersecurity more broadly.” 

Wales added that it is “not surprising” that CISA has not received the information given that it is “fairly early,” noting that the hack took place just days ago. 

Colonial Pipeline, which funnels refined gasoline and jet fuel from Texas to New York, first said in a statement late Friday that it was closing 5,500 miles of pipeline in an attempt to contain the breach. The hack targeting the company is not believed to have obtained data on Colonial’s operations, but the pipeline was shuttered to contain the damage.

The energy company transports 2.5 million barrels each day, supplying fuel from the Gulf Coast to New York Harbor and many of the Empire State’s major airports. The FBI confirmed Monday that criminal ransomware gang DarkSide is believed to be responsible for the hack.

The nation is already on edge over cyber intrusions after an attack by Russian intelligence operatives targeting SolarWinds and another hack by Chinese agents against Microsoft. Those attacks focused on data retrieval but created opportunities for operatives to target physical infrastructure in the future.