Chair Cantwell On Cyber Threats to Energy Infrastructure: Colonial Pipeline Attack “The Tip of the Iceberg”

July 27, 2021


“I was very aggressive with the Trump administration about this. I plan to be very aggressive with the Biden administration about this as well.”

WASHINGTON, D.C.— U.S. Senator Maria Cantwell (D-WA), Chair of the Senate Commerce, Science, and Transportation Committee, today convened a hearing to further review the federal response to the cyberattack on Colonial Pipeline Company and examine what additional actions must be taken to strengthen America’s cybersecurity defenses and better protect our nation’s critical infrastructure. The Committee heard testimony from Transportation Security Administrator David Pekoske, Department of Transportation (DOT) Deputy Secretary Polly Trottenberg, and Acting Director of Homeland Security and Justice at the Government Accountability Office, Leslie Gordon.

“Earlier this year, a ransomware attack on Colonial Pipeline caused the company to shut down its pipeline system that supplies nearly 50 percent of all fuel for the East Coast,”Chair Cantwell said. “This incident underscores the potential consequences any single cyber-attack can have on our daily lives and the need to better manage and bolster cybersecurity for our critical infrastructure.”

Chair Cantwell went on to discuss the risks of failing to harden our energy infrastructure and reduce our vulnerability to potentially crippling cyber attacks.

“The rapid growth in the number and sophistication of cyber-attacks is the alarm bell ringing about the need to immediately bolster the cybersecurity of our critical infrastructure,” Chair Cantwell said. “If we don’t, it is only matter time before we will see another crippling cyber incident that will have an even more catastrophic impact than we saw with Colonial Pipeline.”

Chair Cantwell has been warning for years about America’s vulnerability to an attack of this kind—even issuing this warning during a 2017 Energy and Natural Resources hearing“There is the issue of cybersecurity that keeps me up at night, thinking about potential hacks from Russia or foreign actors, as we see large-scale attacks happening in other places. If we do not make the necessary investments to prevent, defend against and minimize the impact of these cyberattacks, our enemies may succeed in causing us a widespread blackout or devastation to our economy.”

In 2018, Cantwell joined Representative Frank Pallone (D-NJ) to demand immediate action from the Department of Homeland Security (DHS) on a series of recommendations from the Government Accountability Office (GAO). According to Leslie Gordon, the witness from the Government Accountability Office (GAO), her agency has over 950 open recommendations about cyber security across the federal government. All three witnesses agreed with Chair Cantwell that more needs to be done to address these vulnerabilities.

Earlier this year, Chair Cantwell wrote to Biden DHS Secretary Alejandro Mayorkas pressing for further action and announcing that she would be convening today’s hearing focused on the issue as well.

Cantwell also pledged at today’s hearing to continue being active on this issue, saying: “I was very aggressive with the Trump Administration about this. I plan to be very aggressive with the Biden Administration about this as well. This is just not acceptable after the Colonial Pipeline. It wasn't acceptable before, but now we know how serious the threat can be…There are things that can be done. We should be doing them now.”

Cantwell has been the leading voice on protecting critical U.S. infrastructure, including energy infrastructure such as the electric grid and oil and gas pipelines, from cyber attacks. On March 12, 2017, and June 22, 2017, Senator Cantwell sent letters to President Trump calling on him to defend energy infrastructure and to instruct DOE to conduct an analysis of Russian capabilities with respect to cyber attacks on U.S. energy infrastructure.

In hearing after hearingCantwell has pressed for increased collaboration between the government, private sector, utilities, military, and academia to protect U.S. energy infrastructure from cyber attacks. And in July 2018, Cantwell and Senator Lindsey Graham (R-SC) sent a bipartisan letter to President Trump calling for greater action from the federal government to defend the U.S. energy grid from cyber attacks.