DHS Cyber Agency Still Waiting for Tech Info About Colonial Pipeline Breach
Brandon Wales, Acting Director Cybersecurity and Information Security Agency at U.S. Department of Homeland Security speaks during a Senate Homeland Security and Governmental Affairs Committee hearing May 11, 2021 on Capitol Hill in Washington, D.C. (Sarah Silbiger-Pool/Getty)
By Fran Beyer | Tuesday, 11 May 2021 03:23 PM
Colonial Pipeline has not shared important technical information with the Department of Homeland Security’s cyber agency about the breach that crippled its fuel supply, Politico reported Tuesday.
The revelation came in remarks to the Senate Homeland Security Committee from acting Cybersecurity and Infrastructure Security Agency director Brandon Wales.
“Right now, we are waiting for additional technical information on exactly what happened at Colonial so that we can use that information to … protect other potential victims down the road,” Wales said.
It’s not surprising that Colonial has yet to provide CISA with detailed technical data, Wales told the committee members. Politico noted the agency typically has to rely on voluntary cooperation from victims of cyberattacks, as there isn’t a regulatory requirement to share information about hacks with the federal government.
“They've only been working on the incident response since over the weekend, and it's fairly early,” Wales told committee members.
“We have had, historically, a good relationship with both Colonial as well as the cybersecurity firms that are working on their behalf,” Wales said. “We do expect information to come from [the ongoing incident response], and when we have it, we will use it to help improve cybersecurity more broadly.”
Colonial didn’t contact the agency after discovering the ransomware attack, Wales said. Instead, the company contacted the FBI, which then brought in CISA.
Wales told committee members he didn’t think Colonial would have ever contacted CISA at all if it weren’t for the FBI, the news outlet reported.
CISA officials have repeatedly said a top priority is raising awareness of their agency’s work among critical infrastructure operators, but many companies still don’t know why it’s important to contact the agency or how the agency can help them after a hack.
The attack on Colonial Pipeline last week was one of the most disruptive digital ransom schemes ever reported and has sent shockwaves across the industry.
The resulting shutdown has disrupted fuel supply across the eastern United States, triggered isolated sales restrictions at retail pumps and pushed benchmark gasoline prices to a three-year high.
U.S. lawmakers urged stronger protections for critical U.S. energy infrastructure, and the White House has made restarting the fuel network a top priority and organized a federal task force to assess the impact and avoid more severe disruptions.