White House briefing starting now, with Homeland Security Adviser Elizabeth Sherwood-Randall and Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger.
Sherwood-Randall: "Thus far, Colonial has told us that [its pipeline] has not suffered damage and can be brought back online relatively quickly, but that safety is a priority, given that it is never before taken the entire pipeline down."
A White House-convened interagency team with DOE, CISA, FBI, DOT, Treasury, and DoD "met throughout the weekend," Sherwood-Randall said.
Sherwood-Randall: “Right now there is not a supply shortage. We are preparing for multiple possible contingencies, because that's our job.”
Neuberger: “Right now, [Colonial has] not asked for cyber support [from] the federal government, but we remain available to meet their cybersecurity needs.”
Neuberger says the FBI has released a flash alert with indicators of compromise and mitigations for the DarkSide ransomware and recommends that all critical infrastructure companies consult this alert.
Neuberger: “This morning, the Department of Energy convened calls with the electricity and oil and gas sectors to keep them informed.”
Neuberger: WH launched new public-private partnership on ICS security in mid-April. DOE had lead for first 100-day sprint, on utilities. Subsequent sprints will focus on natural gas, water, and other sectors.
Neuberger: Biden admin efforts on ransomware have included FBI takedowns of criminal infrastructure, DOJ task force, CISA “counter-ransomware sprint” focused on small and medium-sized companies, and “greater international cooperation.”
Q: Has Colonial paid a ransom?
Neuberger: "Colonial is a private company, and we’ll defer any information regarding their decision on paying a ransom to them."
Neuberger: "Colonial is a private company, and we’ll defer any information regarding their decision on paying a ransom to them."
Neuberger: “Given the rise in ransomware, that is one area we're definitely looking at now to say, what should be the government's approach to ransomware actors and ransoms overall?”
Q: Supply shortages? Gas prices rising?
Sherwood-Randall: DOE's EIA analyzing "potential supply disruptions" and "price effects" right now. "We're working with other agencies to consider how, if necessary, we can move supplies to a place where it might be needed..."
Sherwood-Randall: DOE's EIA analyzing "potential supply disruptions" and "price effects" right now. "We're working with other agencies to consider how, if necessary, we can move supplies to a place where it might be needed..."
Q: Any ties between DarkSide and Moscow?
Neuberger: “At this time, we assess that DarkSide is a criminal actor, but that’s certainly something that our intelligence community is looking into.”
Neuberger: “At this time, we assess that DarkSide is a criminal actor, but that’s certainly something that our intelligence community is looking into.”
Q: Any sign that malware was close to jumping from IT to OT?
Neuberger: “In this case, I won’t speak to details here, because it’s subject to an investigation.”
Neuberger: “In this case, I won’t speak to details here, because it’s subject to an investigation.”
Q: Any sign that the goal was to disrupt the U.S. economy? Or was Colonial just a rich target?
Neuberger: “We don’t have further information about the intent of the perpetrators when conducting the ransomware hack against Colonial.”
Neuberger: “We don’t have further information about the intent of the perpetrators when conducting the ransomware hack against Colonial.”
Q: Is it a problem for the government’s visibility that Colonial hasn’t asked for cyber support?
Neuberger: Our goal is to be ready to help if they ask. "We’re standing by, but we’re happy that they are confident in their ability to remediate the incident.”
Neuberger: Our goal is to be ready to help if they ask. "We’re standing by, but we’re happy that they are confident in their ability to remediate the incident.”
Sherwood-Randall and Neuberger have left the briefing.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
