U.S. Energy Secretary Jennifer Granholm on Sunday called for more public-private cooperation on cyber defenses and said U.S. adversaries already are capable of using cyber intrusions to shut down the U.S. power grid.
“I think that there are very malign actors who are trying,” she said. “Even as we speak, there are thousands of attacks on all aspects of the energy sector and the private sector generally.”
Granholm noted, without mentioning the company by name, that Colonial Pipeline Co. was hit in May with a crippling cyberattack by a ransomware group, The Canadian Press reports. Colonial temporarily shut down its gasoline distribution networks in the southeastern U.S. before paying US$4.4 million to the hackers. She urged energy companies to resist paying ransom.
A day after Granholm spoke, the New York Times reported the U.S. Justice Department had recovered much of Colonial’s ransom to a Russian hacking collective, “turning the tables on the hackers by reaching into a digital wallet to snatch back millions of dollars in cryptocurrency.”
Investigators tracked the 75 Bitcoins the U.S. pipeliner had paid out “through a maze of at least 23 different electronic accounts belonging to DarkSide, the hacking group, before landing in one that a federal judge allowed them to break into, “ the Times explains, citing law enforcement officials and court documents. “The Justice Department said it seized 63.7 Bitcoins, valued at about $2.3 million. (The value of a Bitcoin has dropped over the past month.)”
But despite DOJ’s successful reverse heist, Granholm warned, “the bottom line is, people, whether you’re private sector, public sector, whatever, you shouldn’t be paying ransomware attacks, because it only encourages the bad guys.”
Granholm even spoke in favour of having a law that would ban paying such ransom, though “I don’t know whether Congress or the president is at that point,” she said.
Asked whether American adversaries have the capability now of shutting down the U.S. power grid, she replied: “Yes, they do.”
Former U.S. secretary of state Condoleezza Rice said the United States and other countries should talk to countries such as Russia, which is believed to be the origin on some ransomware attacks, about law enforcement and intelligence cooperation “to shut it down.”
Rice said this would “test the reality of how much the Russian government is or is not involved” in these attacks.
Granholm was on CNN’s State of the Union and NBC’s Meet the Press, and Rice appeared on Face the Nation on CBS.