White House briefing starting now, with Homeland Security Adviser Elizabeth Sherwood-Randall and Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger.
Sherwood-Randall: "Thus far, Colonial has told us that [its pipeline] has not suffered damage and can be brought back online relatively quickly, but that safety is a priority, given that it is never before taken the entire pipeline down."
A White House-convened interagency team with DOE, CISA, FBI, DOT, Treasury, and DoD "met throughout the weekend," Sherwood-Randall said.
Sherwood-Randall: “Right now there is not a supply shortage. We are preparing for multiple possible contingencies, because that's our job.”
Neuberger: “Right now, [Colonial has] not asked for cyber support [from] the federal government, but we remain available to meet their cybersecurity needs.”
Neuberger says the FBI has released a flash alert with indicators of compromise and mitigations for the DarkSide ransomware and recommends that all critical infrastructure companies consult this alert.
Neuberger: “This morning, the Department of Energy convened calls with the electricity and oil and gas sectors to keep them informed.”
Neuberger: WH launched new public-private partnership on ICS security in mid-April. DOE had lead for first 100-day sprint, on utilities. Subsequent sprints will focus on natural gas, water, and other sectors.
Neuberger: Biden admin efforts on ransomware have included FBI takedowns of criminal infrastructure, DOJ task force, CISA “counter-ransomware sprint” focused on small and medium-sized companies, and “greater international cooperation.”
Q: Has Colonial paid a ransom?
Neuberger: "Colonial is a private company, and we’ll defer any information regarding their decision on paying a ransom to them."
Neuberger: “Given the rise in ransomware, that is one area we're definitely looking at now to say, what should be the government's approach to ransomware actors and ransoms overall?”
Q: Supply shortages? Gas prices rising?
Sherwood-Randall: DOE's EIA analyzing "potential supply disruptions" and "price effects" right now. "We're working with other agencies to consider how, if necessary, we can move supplies to a place where it might be needed..."
Q: Any ties between DarkSide and Moscow?
Neuberger: “At this time, we assess that DarkSide is a criminal actor, but that’s certainly something that our intelligence community is looking into.”
Q: Any sign that malware was close to jumping from IT to OT?
Neuberger: “In this case, I won’t speak to details here, because it’s subject to an investigation.”
Q: Any sign that the goal was to disrupt the U.S. economy? Or was Colonial just a rich target?
Neuberger: “We don’t have further information about the intent of the perpetrators when conducting the ransomware hack against Colonial.”
Q: Is it a problem for the government’s visibility that Colonial hasn’t asked for cyber support?
Neuberger: Our goal is to be ready to help if they ask. "We’re standing by, but we’re happy that they are confident in their ability to remediate the incident.”
Sherwood-Randall and Neuberger have left the briefing.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Senate Homeland Security Committee hearing on SolarWinds and federal cybersecurity is starting now: hsgac.senate.gov/hearings/preve…
In opening statement, ranking member Rob Portman questions why HHS didn't declare its SolarWinds breach to be a "major incident" per FISMA. He also questions why HSGAC learned from news reports that SolarWinds had hit DHS/CISA, including DHS secretary and incident responders.
In opening statement, Acting CISA Director Brandon Wales says one of CISA's top priorities this year is creating joint cyber planning office (authorized in NDAA) to strengthen public-private collaboration, which he says was key to successful SolarWinds/Exchange responses.
Biden addressed the Colonial Pipeline hack a few minutes ago.
"So far there is no evidence from our intelligence people that Russia is involved, although there is evidence that the actor's ransomware is in Russia. They have some responsibility to deal with this."
Biden was asked, if you can't protect U.S. critical infrastructure from a criminal gang, how can you protect it from a nation-state actor?
"We can do both," he responded, "and we will."
"This is something that our administration has been tracking extremely carefully, and I have been personally briefed every day," Biden said at the top of his remarks.
DHS just wrapped up a background briefing with senior officials on the department's cybersecurity agenda.
Nothing earth-shattering, but I'll share a few comments that stood out to me.
We've previously heard from Anne Neuberger that the Biden administration has an EO coming with mitigations related to the SolarWinds/Exchange vulnerabilities. Today, a senior DHS official told us that it will contain "close to a dozen actions."
DHS Sec Mayorkas will be discussing cyber tomorrow during an RSA event.
Per sr official, he will offer a "comprehensive vision" for using DHS/CISA to defend the country, incl through several "cybersecurity sprints" that he previously teased.
HSGAC Chair Gary Peters: “The process and procedures for responding to cyberattacks desperately needs to be modernized,” including by reforming FISMA and streamlining information sharing.
Peters: “It is clear from the gravity of this threat that we need to examine whether CISA, the FBI and other agencies have what they need to protect the American people.”
Interestingly, the National Intelligence Officer for Cyber disagreed with the conclusion that China didn't interfere. They put more stock in evidence showing that "Beijing preferred...Trump's defeat and the election of a more predictable member of the establishment instead."
In a separate document, DHS/CISA and DOJ/FBI say they investigated the right-wing conspiracy theories about foreign voting machine rigging and results tampering, and that they're "not credible." dhs.gov/sites/default/…