After a Senate committee hearing yesterday, Colonial Pipeline’s president and CEO was back in front of Congress today, appearing before the House Committee on Homeland Security for a hearing about last month’s ransomware attack. There he said private industry needs the Federal government to put pressure on the countries that host these ransomware actors.
Joseph Blount, the top executive at Colonial Pipeline Company, again took responsibility for the payment of the ransom while appearing June 9 with Charles Carmakal, senior vice president and chief technology officer for FireEye Mandiant. FireEye Mandiant is one of three cybersecurity firms Colonial Pipeline currently has conducting a review of its systems and was the first called in to help respond to the attack.
“I think there’s no question that these threat actors are extremely capable,” Blount told the committee. “They’re housed in countries other than the U.S. We’re responsible as operators for our own internal security and our cybersecurity, but we need the government’s help to put pressure on the host countries so that we can stop these attacks before they start.”
The White House will look to do just that when President Biden broaches the topic of ransomware next week with Russian President Vladimir Putin at a June 16 summit in Geneva. DarkSide, the ransomware group that has claimed responsibility for this attack, is just one ransomware threat actor based in Russia.
Carmakal also expressed a need to define the terms of engagement in the cyber sphere from an offensive perspective. While he agreed that private companies should not be responsible for responding to cyberattacks in kind, he expressed a need for there to be some sort of offensive program and to clearly define how that should work.
“We need to make it more difficult for the actor to conduct their operations,” Carmakal responded when asked about the nation’s offensive capabilities. “There’s been a number of successes [in the nation’s response to cyberattacks] but I think there’s a lot of opportunity for us to go to do more to go more offensive. But I think we need to define what the rules of engagement are and what’s accepted, and what’s acceptable.”
The House Homeland Security Committee plans on holding another hearing June 15 to discuss the Federal government’s response to the Colonial Pipeline ransomware attack. The witnesses for that hearing have not yet been announced.