CISA yet to obtain 'technical information' on Colonial Pipeline hack
The Cybersecurity and Infrastructure Security Agency (CISA) does not have the "technical information" on the Colonial Pipeline ransomware attack, the acting director told a congressional panel Tuesday.
Colonial Pipeline said on Saturday it was the victim of a cyberattack involving ransomware and had "proactively" halted all pipeline operations as a result. The 5,500-mile pipeline system transports approximately 45% of all fuel consumed on the East Coast, according to its website, and runs from Texas to New Jersey.
CISA, an arm of the Department of Homeland Security, is responsible for the nation's cyber infrastructure.
Brandon Wales, the acting director of CISA, told lawmakers on the Senate Homeland Security Committee that once the agency gets the information, it will be used to help protect other companies.
"We do expect information to come from that and when we have it, we will use it to help improve cybersecurity more broadly," he testified.
Wales also admitted that the company did not directly reach out to the agency in the moments following the cyber attack.
"We were brought in by the FBI after they were notified about the incident," he said.
"I think there is a benefit when CISA is brought in quickly because the information that we glean, we work to share it in a bigger fashion to protect other critical infrastructure," he explained.
The FBI said in a statement Monday it had been confirmed that DarkSide ransomware was responsible for the compromise of the Colonial Pipeline networks.
The FBI added that it will continue to work with the company and government partners on the ongoing investigation.
The DarkSide criminal organization allegedly operates in Eastern Europe. While federal officials are still trying to determine whether a foreign nation could be involved in the cyberattack, Russian intelligence has been known to cooperate with Eastern European cybercriminals in the past.
President Joe Biden said Monday there is currently "no evidence" that Russia is involved in the cyber attack.
"Although, there is evidence that the actors’ ransomware is in Russia," the president added. "They have some responsibility to deal with this."
Wales also said it "is not surprising" that DarkSide went after a company like Colonial Pipeline.
"We've seen this over the past two years, they're going after bigger players they get bigger ransoms. Ransoms last year went up to around $300,000 For the small ones and millions of dollars for the big ones," he said.
Wales got into the challenges in federal government cybersecurity, which is a combination of a lack of updating systems, hiring the right people and that tactics are changing at a fast clip.
He urged Congress to add more funding to CISA's budget.
Ranking Member Rob Portman said the Colonial Pipeline hack shows how cyber incidents can have real world impacts.
"This is a stark example of how the cyberattacks can have real demonstrable impacts on our economy international security, ask the people who are in East Coast states about what they're paying for gasoline today at the pump, and they will tell you it has impact," he said.
ABC News' Catherine Thorbecke contributed to this report.