Lawmakers on Capitol Hill are clamoring for the U.S. government to better communicate what it’s doing to fend off foreign hackers, a concern that has come front and center in recent days as Americans have queued up at gas stations following a ransomware attack against a major U.S. pipeline company.
Colonial Pipeline, the largest pipeline in the country, temporarily had to shut down operations earlier this month in response to a ransomware attack impacting its IT networks. The company shut down operations to prevent the malicious software from spreading to its operational networks.
The incident has raised questions about the fragility of U.S. critical infrastructure cybersecurity, and Rep. Elissa Slotkin, D-Mich., indicated Friday she wants the U.S. government to tell the American people more about what it’s doing to try to prevent these kinds of attacks in the first place.
“It is so hard to explain to the American public what we’re doing to respond when they see these very visible attacks whether they’re from a foreign entity and ransomware and whatnot,” Slotkin explained during a House Armed Services Committee hearing Friday. “Our constituents, they are on the front line of the attacks and yet … they don’t know what their country is doing to respond. And I know that that’s a difficult position for you all — what you do should be under the radar.”
Rep. Seth Moulton, D-Mass., raised similar concerns that Americans don’t have a clear picture of how U.S. government entities, such as the National Security Agency, Cyber Command, Department of Homeland Security and FBI, coordinate their efforts to prevent foreign hacking.
NSA Director Gen. Paul Nakasone — who also serves as commander of Cyber Command, the Department of Defense’s offensive cyber unit — suggested during the hearing that interagency coordination to protect the U.S. presidential elections was well-executed in both 2018 and 2020.
“There could not have been a closer partnership between U.S. Cyber Command, the National Security Agency, the Federal Bureau of Investigation and the Department of Homeland Security,” Nakasone said, referring to the efforts to protect the elections.
Moulton told CyberScoop following the hearing that if the government does good work to deter foreign hackers but doesn’t tell the American people about it effectively, some of those successes might be lost in translation.
“Our federal cyber organizations are doing great work, but I worry when I see that large portions of the population do not recognize or accept that work is happening. Take, for example, the excellent work to protect the 2020 elections,” Moulton told CyberScoop. “The cyber community can do all the good work in the world to defend critical infrastructure and networks, but if the general population doesn’t trust that work and assumes infrastructure and networks have been compromised, we still have major problems.”
The NSA declined to comment for this story. The White House and Cyber Command did not immediately return requests for comment.
The lawmakers’ concerns follow a flurry of high-profile hacking incidents — namely the Russian government’s hacking of federal contractor SolarWinds, which affected hundreds of companies and nine federal agencies, as well as the suspected Chinese hacking of Microsoft Exchange Server.
It’s not entirely clear what Americans think about the U.S. government’s efforts to share information about deterring foreign hackers. In a Gallup survey released in March, 82% of Americans said they think “the use of computers to cause disruption or fear in society” — what the survey called “cyberterrorism” — will be a “critical threat” to the U.S. over the coming decade. Only 2% of Americans said it is not a critical threat.
Those numbers, of course, don’t speak to what Americans think about deterrence or whether they think the government is doing enough to deter foreign hackers.
But the recent ransomware incident that hit Colonial Pipeline and the panic-buying of gasoline that followed in several states on the East Coast of the country could be a harbinger of a future in which more Americans come face to face with the second- and third-order effects of foreign hacking.
Slotkin’s concerns about foreign hacking aren’t just about communicating to the American people. Following years of foreign government hackers targeting the U.S. private and public sector, Slotkin appears to also have concerns about whether the U.S. government has been responding adequately.
“There is a real sense that there is just no deterrence on a cyberattack, that a Russian group or a Chinese group can just attack us with impunity, they can steal a million records … and we put out a strongly worded press release,” Slotkin said, referring to when Chinese hackers stole personal data on 22 million current and former federal employees.
The federal government has made many efforts in recent days to communicate what it is doing to respond to the Colonial Pipeline incident, from issuing waivers to encourage more fuel transports to White House cybersecurity officials speaking with members of the press to communicate the latest to the American people.
President Joe Biden also announced Thursday that the U.S. is planning to go after the Russian criminals behind the Colonial Pipeline ransomware attack, and didn’t rule out a retaliatory cyberattack against them.
As for deterring future hacks like this, there is some indication that all the furor about the Colonial Pipeline hack is making an impression. XSS, a popular underground forum, announced Thursday it would ban ransomware sales, rentals and affiliates, which could put a dent in future ransomware attacks.
Biden, too, said Thursday that he plans to raise the issue of governments like Russia allowing ransomware actors like DarkSide to operate with impunity from within their countries at an upcoming summit with his Russian counterpart.
Biden just this week also signed a sweeping executive order aimed at boosting federal contractors’ cybersecurity and reporting of cybersecurity incidents when they occur, which is intended to address issues inherent to the Colonial Pipeline attack as well as other recent hacking from Russia and China. The administration also attributed the SolarWinds hack to Russia’s Foreign Intelligence Service and expelled Russian officials in response to the SolarWinds espionage.
The NSA, for its part, stood up a directorate almost two years ago specifically focused on communicating threat information about foreign hacking to the public to boost cyberdefenses.
Fort Meade has also taken pains to get the NSA, the so-called “No Such Agency,” to become more public-facing in recent years. Just last year, following a report from CyberScoop that accounts were using Nakasone’s likeness to catfish women online, Fort Meade created official social media accounts for Nakasone.
Slotkin and Moulton both indicated they think more needs to be done to reassure Americans about the state of cybersecurity in the U.S. moving forward.
“We are going to need to figure out how to not just do it in the shadows but communicate to the American people that we’re not leaving ourselves open as this becomes the primary form of attack on the average American citizen,” Slotkin said.