Mark Warner calls for mandatory reporting of hacks after Colonial Pipeline attack

Senate Intelligence Committee Chairman Mark Warner, D-Va., called on Wednesday for legislation that would require private companies to report cyber attacks to the government in the wake of the ransomware attack on Colonial Pipeline that has sparked gas shortages in several states and raised fears of rising fuel prices.

“We have no actual system in place to make, whether it’s Colonial Pipeline or SolarWinds, or any other company, actually mandatorily report that information to the government in real time so that we can have a full-fledged response,” the Virginia Democrat said on CNBC’s “Squawk Box.”

Colonial Pipeline, which supplies about half of the east coast’s gasoline, ceased operations on Friday and said it was the victim of a ransomware attack. The Federal Bureau of Investigation has said that the hacker group DarkSide is responsible.

Warner said that mandatory reporting of hacks could be modeled on the National Transportation Safety Board and early warning systems in place in the financial sector. He said that the information that firms provide would be kept confidential and subject to limited protection from liability.

“We have treated cyber unfortunately as an afterthought for a long, long time,” Warner, a former technology investor and Virginia governor, said.

Warner has previously said that his committee is working with the White House national security advisors on legislation that would require mandatory reporting of cyber threats.

The number of companies that are getting hit on a regular basis with ransomware attacks and quietly paying in bitcoin or other cryptocurrencies, I think would shock most folks in business.

Mark Warner

Chairman, Senate Intelligence Committee

“The number of companies that are getting hit on a regular basis with ransomware attacks and quietly paying in bitcoin or other cryptocurrencies, I think would shock most folks in business,” he added.

In addition to mandatory reporting, Warner also said he supported the creation of a rapid response team to be made up of public and private sector technology experts. He said the team would include the FBI, the Cybersecurity and Infrastructure Security Agency, and firms like Amazon and Microsoft.

“We need a real time reaction team. And unfortunately, we don’t have that right now. Cyber is always a boring item until it hits home,” Warner said.

Virginia is one of at least 17 states and the District of Columbia to declare a state of emergency as a result of the pipeline hack. The pipeline company has said it expects to restore operations by the end of the week.

Warner also addressed Federal Reserve Chairman Jerome Powell’s comments last month, in an interview on CBS’s “60 Minutes,” naming cybersecurity as the No. 1 threat to the financial system. Warner said that, as head of the intelligence committee, cyber issues were one of his “top three” concerns.

“My concern is this: We see the effect of this ransomware attack against one pipeline. We saw, at the end of last year, the SolarWinds attack, which was generated by Russia, that hit 18,000 companies. Luckily that was only espionage, where they were trying to exfiltrate information,” Warner said.

“Let’s imagine what would happen if we combined — if suddenly you had somebody shutting down 18,000 companies across our economy,” Warner added. “We would come to a grinding halt.”

Read more: Spot gas shortages could worsen if Colonial Pipeline doesn’t reopen by the weekend

Subscribe to CNBC Pro for the TV livestream, deep insights and analysis.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: