Federal cyber agency says it needs more info to prevent another Colonial Pipeline-style cyberattack

The leadership of a federal cybersecurity agency told Congress on Tuesday it does not yet have the technical information necessary to prevent future cyberattacks similar to the one hitting Colonial Pipeline, a major supplier of U.S. fuel.

The pipeline was hit by a ransomware attack, which involves malicious software holding data or systems hostage until victims pay the attackers in exchange for restored access. Colonial Pipeline has said it provides nearly half of all fuel consumed on the East Coast.

As the pipeline and the federal government work to fight the cyberattack threatening fuel shortages, the Cybersecurity and Infrastructure Security Agency (CISA) told the Senate it is waiting on the technical information necessary to protect other potential victims in America’s critical infrastructure. 

“You still don’t have the information you need to be able to be responsive and provide support to critical infrastructure, is that what you’re saying?” asked Sen. Rob Portman, Ohio Republican, at a Homeland Security and Governmental Affairs Committee hearing. 

“Yes, but that is not surprising given that it’s, they’ve only been working on the incident response since over the weekend and it’s fairly early,” said Brandon Wales, CISA acting director. “We will, have had historically good relationship[s] with both Colonial as well as the cybersecurity firms that are working on their behalf. We do expect information to come from that and when we have it, we will use it to improve cybersecurity more broadly.”

Mr. Wales told the Senate Committee that Colonial Pipeline did not contact his agency and would not likely have done so if the FBI had not brought the agency in to assist with the response to the cyberattack. CISA is the federal civilian agency tasked with developing the nation’s ability to defend against cyberattacks, including those targeting critical infrastructure. 

The FBI formally attributed the cyberattack against the pipeline on Monday to Darkside ransomware. The attackers behind the ransomware are believed to be in Eastern Europe and the Biden administration has indicated that the cyberattack looks to be the work of criminals and not a government.