A Russia-linked cyberattack targeting the largest U.S. fuel pipeline system is a “criminal act, obviously,” President Joe Biden said Monday.
“The agencies across the government have acted quickly to mitigate any impact on our fuel supply,” the president said at the White House at the start of remarks about his economic agenda.
Biden, responding to a reporter’s question after he concluded his prepared statement about whether there is any evidence of involvement of Russia’s government, replied: “I’m going to be meeting with President (Vladimir) Putin. And so far, there is no evidence based on — from our intelligence people that Russia is involved.”
Biden added, however, with evidence that the ransomware actors are based in Russia, the government in Moscow has “some responsibility to deal with this.”
A member of the House Armed Services Committee, Arizona Democrat Ruben Gallego, said, “The Russian government cannot give refuge to these cyber terrorists without repercussions.”
Colonial Pipeline, headquartered in the state of Georgia, proactively shut down its operations on Friday after ransomware hackers broke into some of its networks, according to U.S. officials.
“Colonial is currently working with its private cybersecurity consultants to assess potential damage and to determine when it is safe to bring the pipeline back online,” homeland security adviser and deputy national security adviser Elizabeth Sherwood-Randall told reporters during a briefing prior to the president’s remarks.
“While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach,” the company said in a statement issued Monday afternoon. “This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week.”
The incident is sending domestic gasoline prices to a seven-year high.
“We don’t see a supply issue,” said White House press secretary Jen Psaki.
A group calling itself Darkside, a Russian cybercrime gang, released a statement Monday saying its goal with the attack was to “make money, and not creating problems for society.”
The statement, which did not mention how much money the hackers are seeking, said it would launch checks on fellow cybercriminals "to avoid social consequences in the future,” adding the group is "apolitical" and does not need to be tied to any particular government.
The U.S. government issued a rare emergency declaration Sunday after the cyberattack choked the transportation of oil to the eastern United States.
“The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline network,” said the Federal Bureau of Investigation in a statement midday Monday. “We continue to work with the company and our government partners on the investigation.”
The FBI has previously advised against paying ransomware. White House officials on Monday said it was up to companies to make that decision and declined to say whether Colonial Pipeline had made a payment to the hackers.
"Typically, that is a private sector decision, and the administration has not offered further advice at this time,” deputy national security adviser for cyber and emerging technologies Anne Neuberger told White House reporters. “Given the rise in ransomware, that is one area we are definitely looking at now to say what should be the government’s approach.”
Some lawmakers have been calling for stronger protections of critical U.S. energy infrastructure and that has been mentioned as a priority by the Biden administration, which last month launched a new public-private initiative to enhance cybersecurity in the electricity sector.
“And we'll follow that with similar initiatives and natural gas pipelines, water and other sectors,” said Biden on Monday.
The emergency declaration, issued by the Transportation Department, effective through at least June 8, calls for increasing alternative transportation routes in the United States for oil and gas and eased driver regulations for overtime hours and minimum sleep for carrying fuel in 17 states across southern and eastern states, as well as the District of Columbia.
“We are closely monitoring the ongoing situation involving Colonial Pipeline,” Suzanne Lemieux, operations security and emergency response policy manager for the American Petroleum Institute, told VOA.
“Cybersecurity is a top priority for our industry, and our members are engaged on a continuous basis with government agencies, including the Transportation Security Administration, Cyber Security and Infrastructure Security Agency, and the Department of Energy in order to mitigate risk and fully understand the evolving threat landscape,” she added.
Concerning speculation that there are links between the hackers and the Russian government, “we can assume anything we want to, which is part of the gamesmanship in cyberwar,” said Justin Pelletier, director of Rochester Institute of Technology’s Global Cybersecurity Institute Cyber Range and Training Center.
“I think a better question to ask is who we can cross off the list. There are many beneficiaries of cyber sell-sword (mercenary) activity and probably everyone can think of several organizations that would like to see an America in decline,” Pelletier told VOA.
According to Bryson Bort, senior fellow for cybersecurity and emerging threats at the nonprofit R Street public policy research organization, the malicious code used by Darkside “actively checks that the Russian language package isn’t loaded on a host before it ransoms the computer. Clearly, there is a reason the gang is doing that. Is it just to avoid local enforcement?”
Bort, an adviser to the Army Cyber Institute, told VOA it is an open question whether Russian intelligence is using the cybercriminals as a proxy.
“Considering this was the fourth U.S. company hit in the energy sector in the last six months by this group, it sure looks like a targeted attack to me,” he said.