华盛顿——能源部长詹尼弗·格兰霍姆说,在一次勒索软件网络攻击迫使美国最大的汽油管道关闭后,美国正“渡过”天然气短缺的难关。
格兰霍尔姆周五在接受美联社采访时说,问题在周四晚上达到顶峰,到周末大多数地区的服务应该会恢复正常。
“好消息是...她说,截至周五下午,加油站的停电比高峰时间减少了约12%,每小时约有200个加油站恢复服务。“在接下来的几天里,它仍将在系统中发挥作用,但我们应该很快就会恢复正常。''
5月7日,锁定计算机系统并要求赎金释放它们的黑客发起的网络攻击袭击了殖民管道。黑客没有控制管道操作,但这家总部位于佐治亚州的公司关闭了管道,以防止恶意软件影响工业控制系统。
殖民管道从德克萨斯州延伸到新泽西州,输送东海岸消耗的大约45%的汽油。关闭导致整个南方的水泵短缺,并清空了华盛顿特区的泵站。
总统乔·拜登称美国官员不认为俄罗斯政府参与其中,但表示“我们有充分的理由相信实施袭击的罪犯居住在俄罗斯。''
据《殖民报》报道,该公司周五在恢复全面服务方面取得了“实质性进展”,两名知情人士证实,该公司支付了约500万美元的赎金。
格兰霍尔姆和拜登政府的其他官员一样,敦促司机不要恐慌或囤积汽油。
“真的,汽油来了,”她说如果你拿的比你需要的多,就短缺而言,这就成了一个自我实现的预言。让我们和邻居分享一点点,每个人都应该知道在接下来的几天里会没事的。''
格兰霍尔姆的机构领导着联邦政府对勒索软件攻击的反应。她说,这一事件不仅显示了美国基础设施的脆弱性,也显示了个人电脑的脆弱性。格兰霍姆说,她86岁的母亲最近在她的iPad上遭受了勒索软件攻击。
“所以这种事情到处都在发生,”她说所有这些网络犯罪分子都从云和我们的连接中看到了机会。所以我们都必须非常警惕。这意味着我们必须在我们的设备上安装安全系统,而且就个人而言,我们不应该点击任何带有来自你不认识的人的附件的电子邮件。我是说它就在我们身边。''
她说,拜登本周签署了一项关于网络安全的行政命令,能源部和其他机构正在努力保护关键基础设施。
美国的许多管道基础设施,如Colonial,都是私有的。负责监管州际管道的联邦能源监管委员会(Federal Energy Registration Commission)主席本周表示,美国应该为类似于电力行业的管道建立强制性网络安全标准。
“简单地鼓励管道自愿采用最佳实践是对不断增加的恶意网络行为者的数量和复杂性的不足回应,”FERC董事长理查德·格利克说。
格兰霍尔姆周五表示:“我们肯定要看看它。”他补充说,管道组织有自愿标准。“即使它可能是私有的,但公众使用它。因此,我认为我们必须关注这一点,确保他们遵守最新和最伟大的标准。''
石油管道协会的发言人约翰·斯托迪拒绝对格利克的提议发表评论。该行业历来反对政府在网络安全方面的指令。
格兰霍尔姆说,在国会审议拜登的2.3万亿美元基础设施提案时,勒索软件攻击应该发挥作用。
“显然管道应该被认为是其中的一部分,”她说网络安全应该被视为其中的一部分。包括输电网在内的能源基础设施应该是其中的一部分。我们需要全面升级,希望两党都能对国家基础设施的升级感兴趣。''
Granholm: Normal service at gas pump likely by late Sunday
WASHINGTON -- Energy Secretary Jennifer Granholm says the nation is “over the hump” on gas shortages following a ransomware cyberattack that forced a shutdown of the nation’s largest gasoline pipeline.
Problems peaked Thursday night, and service should return to normal in most areas by the end of the weekend, Granholm said Friday in an interview with The Associated Press.
“The good news is that ... gas station outages are down about 12% from the peak” as of Friday afternoon, with about 200 stations returning to service every hour, she said. “It’s still going to work its way through the system over the next few days, but we should be back to normal fairly soon.''
A cyberattack by hackers who lock up computer systems and demand a ransom to release them hit the Colonial Pipeline on May 7. The hackers didn’t take control of pipeline operations, but the Georgia-based company shut it down to prevent malware from affecting industrial control systems.
The Colonial Pipeline stretches from Texas to New Jersey and delivers about 45% of the gasoline consumed on the East Coast. The shutdown has caused shortages at the pumps throughout the South and emptied stations in the Washington, D.C., area.
PresidentJoe Bidensaid U.S. officials do not believe the Russian government was involved, but said “we do have strong reason to believe that the criminals who did the attack are living in Russia.''
As Colonial reported making “substantial progress” Friday in restoring full service, two people briefed on the matter confirmed the company had paid a ransom of about $5 million.
Granholm, like other Biden administration officials, urged drivers not to panic or hoard gasoline.
“Really, the gasoline is coming,'' she said. “If you take more than what you need, it becomes a self-fulfilling prophecy in terms of the shortages. Let’s share a little bit with our neighbors and everybody should know that it’s going to be okay in the next few days.''
Granholm's agency is leading the federal response to the ransomware attack. She said the incident shows the vulnerability not only of U.S. infrastructure, but also personal computers. Her 86-year-old mother recently suffered a ransomware attack on her iPad, Granholm said.
“So it’s just happening everywhere,'' she said. “All these cybercriminals see an opportunity in the cloud and in our connectivity. And so we all have to be very vigilant. That means we’ve got to have security systems on our devices and individually we shouldn’t be clicking on any email with attachments from people you don’t know. I mean it’s just around us.''
Biden signed an executive order on cybersecurity this week, and the Energy Department and other agencies are working to protect critical infrastructure, she said.
Much of the U.S. pipeline infrastructure, like Colonial, is privately owned. The chairman of the Federal Energy Regulatory Commission, which oversees interstate pipelines, said this week that the U.S. should establish mandatory cybersecurity standards for pipelines similar to those in the electricity sector.
“Simply encouraging pipelines to voluntarily adopt best practices is an inadequate response to the ever-increasing number and sophistication of malevolent cyber actors,'' said FERC Chairman Richard Glick.
“We definitely have to look at it,” Granholm said Friday, adding that pipeline organizations have voluntary standards. “Even though it may be privately owned, the public uses it. So I think we have to look at that, making sure that they abide by the latest and greatest.''
John Stoody, a spokesman for the Association of Oil Pipe Lines, declined to comment on Glick's proposal. The industry historically has opposed government mandates on cybersecurity.
The ransomware attack should play a role as Congress considers Biden's $2.3 trillion infrastructure proposal, Granholm said.
“Obviously pipelines should be considered part of that,'' she said. “Cybersecurity should be considered part of that. Energy infrastructure, including transmission grids, should be part of that. We need to upgrade across the board, and hopefully there will be some interest in a bipartisan fashion to see an upgrade in the nation’s infrastructure.''
