The Biden Administration Just Delivered a Stark Warning About Ransomware

Ben Margot/AP

Let our journalists help you make sense of the noise: Subscribe to the Mother Jones Daily newsletter and get a recap of news that matters.Key oil and gas pipelines and one of the world’s largest meat suppliers have ground to a halt in recent weeks by cyberattackers who have demanded exorbitant ransoms. Today, Energy Secretary Jennifer Granholm offered a stark warning during her appearances on Sunday morning talk shows: The US power grid is vulnerable to those sorts of debilitating attacks, and the nation’s laws do not adequately address the growing issue.
“There are thousands of attacks on all aspects of the energy sector and the private sector generally,” Granholm told CNN’s Jake Tapper, adding that hackers “do” have the capacity to shut down the US power grid through their attacks.
The energy secretary’s warning arrives after last month’s cyberattack on Colonial Pipeline, which operates one of the country’s largest pipelines carrying refined gasoline and jet fuel. The attack forced the company to shut down 5,500 miles of pipeline and oil supply was choked on the East Coast for weeks—even after Colonial Pipeline ended up paying the $4 million the hackers had demanded. JBS, which supplies one-fifth of the world’s meat, identified a similar attack on its systems last week and shut down all beef production at its facilities in the aftermath. They did not respond to the hackers’ demands and restored operations days later, but the brief shutdown sparked panic over meat shortages and risks to other food providers. Ransomware attacks have become a pervasive threat beyond these recent high-profile events, shutting down everything from ferry rides to virtual classes, according to a recent analysis from the Washington Post.
Both of the recent prominent attacks are reportedly the work of Russian hackers and will be a subject of discussion between Biden and Russian President Vladimir Putin when they meet in Geneva, Switzerland, this week during Biden’s first international trip as president. 
Granholm noted that the Transportation Security Administration now requires pipelines to notify the Energy Department of ransomware attacks in real-time, a change intended to loop in the right experts before matters escalate. But the energy secretary acknowledged that cyber standards that are sufficiently robust to keep energy resources safe do not exist, and she encouraged companies to work with the Biden administration to establish guidelines. “There are basic standards, cyber standards, that they adhere to, cyber standards that are developed by the Department of Commerce,” Granholm explained, “and we need that same sort of regime with pipelines. And that does not exist at the moment.
She also advocated for a law banning companies from paying the ransom hackers demand. “We need to send this strong message that paying a ransomware only exacerbates and accelerates this problem,” Granholm said on NBC’s Meet the Press. “You are encouraging the bad actors when that happens.”
Granholm took the opportunity to connect these vulnerabilities with potential solutions offered in Biden’s American Jobs Plan, which would provide investments in the country’s power grids that could increase their resilience against such attacks.