In May, the Eastern European crime group DarkSide shut down the Colonial Pipeline for six days. The pipeline is a critical piece of infrastructure that provides 45% of fuel for the East Coast. The shutdown left thousands of service stations without gas and pushed prices to the highest levels in six years. Ultimately, Colonial Pipeline made the controversial decision to pay $4.4 million in ransom to get the pipeline back online. But just a few weeks before, we warned that such attacks were possible, urging lawmakers to take action.
While the Colonial Pipeline attack is hardly the first time hackers have targeted U.S. energy infrastructure, the attack has been the most devastating so far. Thankfully, the attacks spurred U.S. policymakers to respond.
“Given that cybersecurity touches every aspect of our government and our lives — from our laptops to the internet of things — the U.S. desperately needs centralized leadership to coordinate the federal response to improve our defenses,” Sen. Angus King, I-Maine, and co-chairman of the Cyberspace Solarium Commission said in a statement.
Two new cybersecurity leaders have been sworn in. In a rare show of bipartisanship, the Senate unanimously confirmed two of President Biden’s nominees for critical cybersecurity posts. Chris Inglis has taken up his helm as the first national cyber director, and Jen Easterly took up the leadership reigns at Cybersecurity and Infrastructure Security Agency (CISA). Easterly and Inglis will lead efforts to mitigate cyberattacks and work toward national cyber readiness. In his role, Inglis will serve in the national cyber strategy across sectors, connecting government, private industry, law enforcement, and the intelligence community under one cyber suite. Easterly will work to build the CISA’s reach within the private sector.
Besides the appointments of Inglis and Easterly, the Biden Administration is ratcheting up cybersecurity efforts in other areas as well. For example, the Department of Homeland Security has released a new security directive that will force “owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review.”
On the heels of these new cybersecurity measures, the Biden Administration revealed that Chinese hackers targeted more than a dozen pipelines nearly a decade ago. The disclosure of this previously classified information underscores the need to protect critical U.S. energy infrastructure.
For years, we’ve sounded the alarm that protecting energy infrastructure from cyberattacks is crucial for the daily lives of Americans. Fortunately, it seems lawmakers have learned something from the recent attacks, ensuring that the U.S. domestic energy supply will remain affordable and reliable.