Bloomberg News reported yesterday that Colonial Pipeline paid nearly $5 million to Eastern European hackers last week. Bloomberg’s story contradicted reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline (“according to two people familiar with the transaction”):
The company paid the hefty ransom in difficult-to-trace cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.
As a matter of public policy, this seems like a bad idea — not that I have a better one. Something needs to be done. What it is remains unclear. In order to create the illusion that it was doing something useful, the Biden administration promulgated a lengthy executive order “on improving the nation’s cybersecurity.”
The executive order departs from the classic nonresponse to difficult issues of national security and public policy that cannot be avoided. The classic nonresponse is the appointment of a commission to address the issues. Assuming Kamala Harris didn’t have anything to do with it, I think such a commission might actually be useful in this case. It would certainly be more useful than the executive order and Biden’s pathetic comment, reported by the New York Times:
In his remarks on Thursday, Mr. Biden seized on the Colonial Pipeline hack as further proof that the United States needed to improve its critical infrastructure, and he urged lawmakers to back his $2.3 trillion proposal to rebuild roads, bridges, pipelines and other projects.
Did no one laugh?
“We do not believe the Russian government was involved in this attack, but we do have strong reason to believe that the criminals who did the attack are living in Russia, that’s where it came from,” Biden said, citing findings from the FBI.
“We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against ransomware networks,” he noted. “We are also going to pursue a measure to disrupt their ability to operate.”
Asked directly if he was confident Russian President Vladimir Putin was not involved, Biden emphasized that the FBI did not believe Putin was involved.
Biden said he would likely discuss the attack with Putin at some point.
I can only imagine the uses to which these comments would be put by the Democrat/MSM Axis if Trump were still president.
Quotable quote (Biden): “Private entities are in charge of their own cybersecurity. We know what they need, they need greater private sector investment in cybersecurity.”