WASHINGTON – The Department of Energy is asking Congress for $201 million in its budget request for the fiscal year 2022 to address digital vulnerabilities after a steady uptick in sweeping cyber attacks.
The $201 million request, up from $157 million in 2021, will help bolster the federal agency’s cybersecurity efforts and address any “gaps” in the supply chain and tech infrastructure.
Secretary of Energy Jennifer Granholm told the Senate Armed Services Committee on Thursday that the Department also needs the funding to upgrade software, hire more cybersecurity professionals and to develop new cyber policies and standards.
“As we have seen, the Colonial Pipeline incident made it clear that the fact that we do not have cyber standards on pipelines like we do on the electricity sector, that suggests a major hole,” Granholm said referencing a sweeping ransomware attack on the nation’s largest gas pipeline.
“I will say that it is clear that there are gaps, not so much in our ability internally to respond but in our ability to see what is happening in the private sector,” she said, adding that the Biden administration was reviewing methods in which the private sector could better collaborate with the government on the heels of cyber attacks.
“What is not acceptable is the status quo,” Granholm said, adding that one option could be “to allow the government to have some visibility into the system since the public relies upon their system.”
The Biden administration is asking Congress for $9.8 billion for federal civilian cybersecurity in 2022, nearly a 15% increase over 2021. The Pentagon is requesting $10.4 billion in 2022 for its cybersecurity budget request.
The increased investment in cybersecurity follows a steady drumbeat of ransomware attacks that have directly impacted Americans and hampered logistics and services in the United States.
In April, Washington formally held Russia’s Foreign Intelligence Service responsible for carrying out the SolarWinds cyberattack. Microsoft President Brad Smith described the cyberattack as “the largest and most sophisticated attack the world has ever seen.” Microsoft’s systems were also infected with malicious software.
The Russian government denies all allegations that it was behind the SolarWinds hack.
Last month, a hacking group known as DarkSide with suspected ties to Russian criminals launched a ransomware attack on Colonial Pipeline, forcing the U.S. company to shut down approximately 5,500 miles of pipeline. It led to a disruption of nearly half of the East Coast’s fuel supply and caused gasoline shortages in the Southeast and airline disruptions.
Speaking after the DarkSide attack, Biden told reporters: “So far there is no evidence from our intelligence people that Russia is involved although there is evidence that the actor’s ransomware is in Russia, they have some responsibility to deal with this.” He added that he would discuss the situation with Russian President Vladimir Putin during their first face-to-face meeting in Geneva.
Ransomware attacks involve malware that encrypts files on a device or network that results in the system becoming inoperable. Criminals behind these types of cyberattacks typically demand a ransom in exchange for the release of data.
Earlier this month, Colonial Pipeline’s CEO told a Senate committee the company paid the $5 million ransom to the cybercriminals.
“I made the decision that Colonial Pipeline would pay the ransom to have every tool available to us to swiftly get the pipeline back up and running,” Joseph Blount Jr. told members of the Senate Homeland Security and Governmental Affairs Committee on June 8. “It was one of the toughest decisions I have had to make in my life,” he said.
The day before Blount testified, U.S. law enforcement officials announced that they were able to recover $2.3 million in bitcoin from the hacker group.
The FBI has previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.
Less than a month after the cyber assault on Colonial Pipeline, Brazil’s JBS, the world’s largest meatpacker announced that it had fallen victim to a ransomware attack. The breach disrupted meat production in North America and Australia, triggering concerns over rising meat prices.
The company ultimately paid $11 million in ransom to a different Russian-based cybercriminal group, but not before it briefly shut down its entire U.S. operation.
Biden told reporters at the conclusion of his first meeting with Putin since ascending to the White House that he raised the issue of cyberattacks with his Russian counterpart.
“Certain critical infrastructures should be off-limits to attack, period, by cyber or any other means,” Biden said during a press conference in Geneva. “I gave them a list, 16 specific entities defined as critical infrastructure under U.S. policy, from the energy sector to water systems,” he added.
Biden’s identification of critical infrastructure as off-limits suggests a government response could be taken should state or non-state actors attack those sectors.
Putin has repeatedly denied having knowledge or involvement in the attacks.