May 13, 2021
WASHINGTON, D.C. – U.S. Senator Angus King (I-Maine), co-chair of the Cyberspace Solarium Commission, today pressed Captain Russell Holmes, Director of the Center for Offshore Safety, and Michael Minarovic, Chief Executive Officer of Arena Energy, on steps that their organizations are taking to secure the cyber systems and networks of America’s critical infrastructure. During a hearing of the Senate Energy and Natural Resources Committee amid a momentary gas shortage due to the ransomware attack on Colonial Pipeline, Senator King referenced past hearings in September 2020 and February 2019 in which he underscored the urgency of protecting America’s gas pipelines; in 2020, he specifically stated, “I’m very concerned with the cybersecurity of the gas pipeline system…I don’t think we are as secure as we think we are.”
SENATOR KING: “Sometimes I hate to be right; three years ago I sat right here and cross-examined a representative from [the Federal Energy Regulatory Commission] about the failure to adequately regulate pipelines because of the cyberthreat. I can guarantee that your systems are vulnerable to cyberattack today. Whatever you tell me, I can guarantee that Putin’s hackers could be in there within several weeks. Your SCADA systems are vulnerable, the valve turnings are vulnerable, what kind of strong systems do you have in place – well let me rephrase that question – would you accept regulation by the FERC or some other agency of the federal government to ensure cyber protection? Because right now you’re vulnerable and we just saw this weekend we saw what that can mean.”
CAPTAIN HOLMES: “Senator, yes. I think a collaborative approach between the industry and the whole of government is necessary across the entire nation for cybersecurity...”
SENATOR KING: “Well I hope you will continue that work, and Mr. Minarovic, I hope you will take this seriously. We keep getting wake up calls. And we keep not being fully awake, and so I just can’t emphasize more how serious this threat is. I’ve spent the last two years as a co-chair of the national Cyberspace Solarium Commission and what’s come through to me is the urgency of this problem and we keep learning how serious it is, and are you – I assume you’re heavily focused on this threat.”
MINAROVIC: “Yes sir. And obviously [the] Colonial situation brought it to a new level. Our IT department, this morning actually, updated us on some methods we’re using and were backing up our data regularly and we have an offsite facility in Indianapolis to have back-ups put separately from our Houston location. We have blocked all access outside of the United States and we have two-factor authority to access that data.”
Earlier this week, Senator King shared his perspective and insights on the security implications with CNN, where the host referred to him as “The Godfather of Cybersecurity” due to his lengthy track record of focus on America’s cyberposture against foreign nations and rogue actors.
Senator King is a leader in urging the United States to strengthen the security of energy infrastructure – in August 2020, he pushed top officials in charge of cybersecurity and energy systems in the U.S. Department of Energy (DOE), FERC, and private sector companies on the importance of regularly red teaming and penetration testing (pentesting) their own infrastructure to identify cybervulnerabilities and bolster their defenses. In December 2019, his Securing Energy Infrastructure Act, bipartisan legislation also cosponsored by Senator Jim Risch (R-Idaho), was enacted into law. The legislation passed as part of the FY2020 National Defense Authorization Act (NDAA), and will develop defenses for the U.S. energy grid through partnerships between the National Laboratories and industry. The partnerships will utilize engineering concepts to remove vulnerabilities that could allow hackers to access the grid and the nation’s critical infrastructure. Earlier in 2020, Senator King has joined members of Cyberspace Solarium Commission to detail CSC’s recommendations before the Senate Armed Services Subcommittee on Cyber, the House of Representatives Committee on Armed Services, the House of Representatives Committee on Homeland Security, and the Senate Committee on Homeland Security and Government Affairs.
In addition to Captain Holmes and Mr. Minarovic, today’s hearing featured testimony from Amanda Lefton, Director of Bureau of Ocean Energy Management, U.S. Department of the Interior; and John Bel Edwards, Governor of the State of Louisiana.