At a press conference listing all the actions taken thus far by the White House to respond to the ransomware attack on the Colonial Pipeline, officials acknowledged that the primary onus for protecting the country from attacks on critical infrastructure remains out of the White House's hands.
The message reignites an ongoing debate about how cybersecurity should be managed for critical infrastructure sectors, where entities are typically owned and operated by the private sector, but where a cyberattack carries far-reaching national security implications.
"When those companies are attacked, they serve as the first line of defense, and we depend on the effectiveness of their defenses to improve the cybersecurity of our critical infrastructure," said Homeland Security Advisor Elizabeth Sherwood-Randall of critical infrastructure.
Most critical infrastructure in the United States is owned by the private sector, a theme Sherwood-Randall and Anne Neuberger, deputy national security advisor for cyber and emerging technology, focused on during the Monday conference. While the White House has convened the Department of Energy, the Cybersecurity and Infrastructure Security Agency, the FBI, the Department of Transportation, Treasury and the Department of Defense to work on the investigation and aftermath of a ransomware attack jeopardizing as much as 45 percent of the East Coast's fuel supply, Colonial owns the arena where the main battle is being fought. Colonial has told government stakeholders that a shutdown of the pipeline was a precautionary measure to prevent the spread of ransomware.
The White House said that it has been in touch with Colonial since Friday and has offered its assistance in mitigating the ransomware, which Colonial has declined. Colonial told the administration it is working with its own cyber team.
In the interim, the White House has declared a state of emergency and has relaxed restrictions on trucking gas along the East Coast. The FBI has reiterated warnings about the ransomware strain used in the Colonial attack, for which indicators of compromise were already available. The White House also emphasized that international efforts to defend against ransomware remain in place, including interventions like the Europol takedown of Emotet.
The FBI confirmed Monday that the DarkSide affiliate ransomware was responsible for the Colonial attack. DarkSide has been well established since October.
A press release from the media-friendly DarkSide group stated that the group was "apolitical" and not trying to cause chaos.
"Our goal is to make money," said the group.
"From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future," the group added.