Biden administration officials have privately voiced frustration with what they see as Colonial Pipeline’s weak security protocols and a lack of preparation ahead of the crippling ransomware attack, shortcomings that could have allowed hackers access, officials familiar with the government’s initial investigation into the incident told CNN.
Because its investigation is still ongoing, Colonial has yet to share information with the federal government about the vulnerability the ransomware group DarkSide took advantage of to infiltrate the fuel company, according to a top official with the Cybersecurity and Infrastructure Security Agency. The FBI, not Colonial Pipeline, initially told CISA about the attack, the agency’s acting director told lawmakers on Tuesday.
Secretary of Homeland Security Alejandro Mayorkas suggested at a White House briefing Tuesday that the administration is examining Colonial Pipeline’s vulnerabilities.
“In cybersecurity, one is only as strong as one’s weakest link. And therefore we are indeed focused on identifying those weak links.”
Colonial Pipeline declined to comment on the suggestion that members of the administration are frustrated.
US officials are also working to track down the specific actors responsible for the breach, according to two people familiar with the federal response, a key part of the broader effort to bring the individual hackers to justice.
The internal tensions underscore the stark challenge facing the Biden administration as it continues to grapple with the fallout from the brazen ransomware attack on the country’s critical infrastructure despite having limited access to the private company’s systems and technical information about the vulnerabilities exploited by the hackers.
“Our understanding is that that is part of the investigation that Colonial’s response vendor is still undertaking. That information has not yet been shared with the US government,” CISA Executive Assistant Director for Cybersecurity Eric Goldstein told CNN in a phone interview.
Colonial Pipeline also did not contact CISA in the wake of the cyberattack, according to a senior cyber official at the agency, Brandon Wales.
“They did not contact CISA directly,” he told lawmakers during a hearing on Capitol Hill Tuesday. “We were brought in by the FBI after they were notified about the incident.”
Still, US officials want to go on the offensive, and believe identifying the individual hackers who targeted Colonial Pipeline is one way of deterring future ransomware attacks.
“This was a gross miscalculation on the hackers’ part,” said one of the people, who noted that the hackers likely had not anticipated that their attack would lead to the shutdown of the US’ largest refined products pipeline system, spurring emergency White House meetings and a whole-of-government response.
The hackers operated under the banner of a relatively new ransomware group known as DarkSide, according to the FBI. Because DarkSide effectively operates under a “hacker services for hire” structure, US officials want to identify the specific actors who carried out the attack in the group’s name, the people familiar with the matter said.