Sen. Mark Warner (D-Va.), said Thursday that cyberattacks pose larger risks than conventional warfare, citing the recent SolarWinds and Colonial Pipeline hacks as examples of a “dramatically” different security environment that has taken shape over the past decade.
“It means a whole set of cyber risks that frankly keep me up more at night than traditional weaponry,” Warner said during an interview with The Hill’s Steve Clemons.
Warner, the chairman of the Senate Intelligence Committee, warned that attacks would continue to occur if countries like Russia and China continue pursuing cyberattacks as a way to target the U.S. Russian government-backed hackers compromised nine federal agencies and at least 100 private sector groups for most of last year by exploiting vulnerabilities in software from IT group SolarWinds.
The attack was first discovered in December. President Biden in April levied sanctions against Russia in retaliation.
“It’s very hard for any enterprise on their own to be 100 percent defensive and get it right all the time,” Warner said.
Criminal groups based in Russia were also linked to ransomware attacks in May on Colonial Pipeline, which provides around 45 percent of the East Coast’s fuel.
Software company Kaseya in July was also the target of a ransomware attack that only further inflamed concerns after roughly 1,500 companies were potentially impacted. That hack was linked to the same Russian-based cyber criminals responsible for the JBS USA attack, in which a meat production company was targeted.
The attacks sparked an urgency earlier this year to move on bills spearheaded by Warner that would call for mandatory reporting of major cyberattacks against critical infrastructure operators, federal government agencies and government contractors.
Warner said the issue has broad bipartisan support and that he hopes such measures could be passed in the next month. Groups that do not comply should face “some level” of sanction, he said.
“We’re not trying to shout out folks,” Warner said, adding that legislation would address attacked entities who would be provided with limited immunity and confidentiality protections.
“If they’re negligent, there may be some other things they have to grapple with, but we need to know,” Warner said.
The Virginia Democrat said the legislation is only one piece of protecting entities against cyber threats, adding that longer term solutions would require further public-private partnerships.
“There is nothing in the realm of cyber that the government alone can fix,” Warner said. “It has to be in collaboration with the private sector.”
The Hill’s “A More Perfect Union” festival is sponsored by Microsoft and Southern Company.