In Senate Hearing, Rosen Questions CEO of Colonial Pipeline About Recent Ransomware Hack, Highlights Bipartisan Legislation to Prevent Future Cyberattacks

WASHINGTON, D.C. – Today, during a hearing of the U.S. Homeland Security and Government Affairs Committee (HSGAC), U.S. Senator Jacky Rosen (D-NV) questioned Joseph Blount, President and CEO of Colonial Pipeline, on the recent ransomware attack the company experienced, and how the U.S. can improve critical infrastructure cyber vulnerabilities, including through Senator Rosen’s Cyber Sense Act, bipartisan legislation introduced last Congress that would improve our nation’s energy grid cybersecurity and resilience. A transcript of the Senator’s exchange can be found below, and a video of the Senator’s full exchange can be found aquí.

ROSEN: We know that a cyber-attack is what happened to [Colonial Pipeline]. Last Congress, I introduced the Cyber Sense Act, bipartisan legislation that would create a voluntary Cyber Sense program at the Department of Energy to test the cybersecurity of products and technologies intended for use in our bulk-power system. This bill also directs the Energy Secretary to consider incentives to encourage the use of analysis and testing results when designing products and technologies; although I think the incentive would be not to be hacked.

Mr. Blount, while the program my bill would establish is solely for electric utilities, do you think a similar program for pipelines would be helpful for gas companies like yours to collaborate and communicate and have some sense of what’s going on in the industry?

BLOUNT: Senator, thank you for that question. I think that’s a great program for electric utilities, and I think that would help our side of the business be more secure and less susceptible to any threats is a great idea.

BACKGROUND: Introduced Last Congress, the bipartisan Cyber Sense Act would:

  • Create a voluntary Department of Energy ‘Cyber Sense’ program that would identify and promote cyber-secure products for use in the bulk-power system.
  • Establish a testing process for the products along with a reporting process of cybersecurity vulnerabilities.
  • Require the Secretary of Energy to keep a related database on the products, which will aid electric utilities that are evaluating products and their potential to cause harm to the electric grid.
  • Direct the Secretary of Energy to consider incentives to encourage the use of analysis and results of testing under the program in the design of products and technologies for use in the bulk-power system.