WASHINGTON (Dispatches) -- Energy Secretary Jennifer Granholm has called for more public-private cooperation on cyber defenses and said U.S. adversaries already are capable of using cyber intrusions to shut down the U.S. power grid.
“Even as we speak, there are thousands of attacks on all aspects of the energy sector and the private sector generally.” Granholm noted.
Colonial Pipeline Co. was hit in May with a crippling cyberattack by a ransomware group. The company temporarily shut down its gasoline distribution networks in the South before paying $4.4 million to the hackers.
Granholm urged energy companies to resist paying ransom. “The bottom line is, people, whether you’re private sector, public sector, whatever, you shouldn’t be paying ransomware attacks, because it only encourages the bad guys,” she said.
Regular cyberattacks, targeting everything from businesses to basic infrastructure, are the new normal, Commerce Secretary Gina Raimondo said Sunday.
“We should assume and businesses should assume that these attacks are here to stay and, if anything, will intensify,” she said.
The White House last week sent a letter to business leaders urging them to take ransomware attacks — in which hackers effectively hold a company’s systems hostage until money is paid — more seriously, she said.
“It is clear that the private sector needs to be more vigilant ... including small- and medium-sized companies. And also, President Biden has been clear that we are going to do more,” Raimondo said, pointing to the president’s sweeping infrastructure agenda.
The American Jobs Plan, which has stalled in Congress, includes $20 billion for states and localities to upgrade their defenses for energy infrastructure. There’s another $2 billion to boost protections for the electric grid in high-risk locations.
The commerce secretary shied away from suggesting the government should require businesses to beef up cybersecurity.
“Businesses know how to do this. It’s relatively inexpensive to do the simpler things like two-factor authentication,” she said. “At the moment we’re going to ... pursue that versus ... a little bit more heavy-handed approach.”
The cyberattack on the Colonial Pipeline caused gas distribution problems and panic buying in the Southeast. The world’s largest meat processing company was targeted in a separate attack.