May 10, 2021
WASHINGTON, D.C. – U.S. Senator Angus King (I-Maine) and Representative Mike Gallagher (R-Wisc.), co-chairs of the Cyberspace Solarium Commission, today issued the following statement after Colonial Pipeline announced it had shut down operations of the nation’s largest fuel pipeline in response to a ransomware cyberattack:
“We are disappointed, though unsurprised, to learn of the cyberattack that shut down 5,500 miles of pipeline operated by Colonial Pipeline. This interruption of the distribution of refined gasoline and jet fuel underscores the vulnerability of our national critical infrastructure in cyberspace and the need for effective cybersecurity defenses, including a robust public-private collaboration to protect both the pipeline system and electric grid, as well as the infrastructure of the telecommunications and financial services systems. This incident also underscores two of the more significant U.S. Cyberspace Solarium Commission recommendations.
“First, as mandated by the FY 2021 National Defense Authorization Act, the Federal government must understand the potential cascading effects of attacks that disrupt the conveyance of critical goods and services and prepare plans to ensure Continuity of the Economy.
“Second, the Colonial Pipeline disruption is a clear example of the need to create a new social contract between the Federal government and systemically important critical infrastructure. The systemically important critical infrastructure (SICI) entities, and their most vital systems and assets, are pressure points in our grid, and targets for both nation-state adversaries and criminal actors, allowing them to scale up the effects of cyber campaigns and thus the risk they can pose to the United States in peacetime and in crisis. It is well past time for the Federal government to enhance its partnership with these entities and ensure these companies are executing their security responsibilities effectively.
“The Cyberspace Solarium Commission was envisioned to be ‘the 9/11 commission that averts a cyber-9/11.’ One of the gravest lessons from the terrorist attack twenty years ago was that it was a failure of imagination. America can and must be better – we must be imaginative, and proactive, in navigating the threats of the Age of Cyber Aggression.”