Overnight Cybersecurity

Hillicon Valley: Colonial Pipeline attack underscores US energy's vulnerabilities | Biden leading 'whole-of-government' response to hack | Attorneys general urge Facebook to scrap Instagram for kids

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.

Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@chrisismills) and Rebecca Klar (@rebeccaklar_), for more coverage.

The nation's oil and gas sector was left reeling from a ransomware attack late last week that caused Colonial Pipeline to shut down operations that provide around 45 percent of the East Coast's oil. Officials and experts said Monday that the hack underscored vulnerabilities in the nation's critical utilities, while the Biden administration launched a "whole-of-government" response to address the crisis. Meanwhile, a group of attorneys general urged Facebook to abandon support for an Instagram for kids platform. 

 

ALL ABOUT COLONIAL PIPELINE'S BAD WEEK: 

THIS SEEMS FINE: The ransomware attack on Colonial Pipeline, the largest supplier of oil to the Northeast region of the United States, is underscoring just how vulnerable critical U.S. infrastructure is to cybercriminals in a way no previous attack has done, say U.S. officials and experts in the field.

The successful breach of Colonial Pipeline's IT system forced the company to shut down 5,500 miles of pipelines to ensure hackers could not gain access to its operational technology.

The attack was shocking in part because it illustrated how vulnerable a large, critical company such as Colonial Pipeline was to increasingly frequent ransomware attacks.

It also showed that such attacks have a far larger impact. The entire nation could see a rise in gas prices because of the attack on the pipeline, which carries around 45 percent of oil used on the East Coast and runs between Texas and New York.

Threats to critical infrastructure have built steadily in recent years and have spiked over the past year during the COVID-19 pandemic, particularly as more work is done remotely and online.


ALL HANDS ON DECK: President Biden and top administration officials said Monday they are taking a "whole of government" approach to both responding to the debilitating ransomware attack on Colonial Pipeline and to strengthening the security of critical utilities moving forward. 

"This is something my administration, our administration, has been tracking extremely carefully, and I have been personally briefed every day," Biden said during remarks on the economy Monday at the White House.

Top Biden administration officials stressed Monday that the federal government was taking an all-hands-on-deck approach to tackling the impact of the attack. 

"We are taking a multi-pronged and whole of government response to this incident and to ransomware overall," Anne Neuberger, Biden's deputy national security adviser for cyber and emerging technology, told reporters during the White House briefing Monday. 


DARKSIDE OF LIFE: The FBI confirmed on Monday that criminal ransomware gang DarkSide is responsible for the cyberattack on the Colonial Pipeline network.

"The FBI confirms that the DarkSide ransomware is responsible for the compromise of the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation," the FBI wrote in a statement.


COMING (BACK) SOON: The Colonial Pipeline Company said that it hopes to "substantially" restore the operations of its pipeline by the end of the week following a ransomware attack that led to its shutdown. 

It said in a statement that segments of the Colonial Pipeline, which transports oil from Texas to the East Coast, are being "brought back online in a stepwise fashion" and that its plan will take a "phased approach" for returns to service. 

"This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week," the statement said, noting that the company will provide updates on its progress. 


IN OTHER NEWS...

DROP IT: A bipartisan group of 45 attorneys general are urging Facebook to abandon plans to launch an Instagram for kids platform, citing concerns about children's mental health and data privacy risks. 

"It appears that Facebook is not responding to a need, but instead creating one, as this platform appeals primarily to children who otherwise do not or would not have an Instagram account. In short, an Instagram platform for young children is harmful for myriad reasons. The attorneys general urge Facebook to abandon its plans to launch this new platform," the National Association of Attorneys General wrote in a letter Monday to Facebook.  

Facebook's plans to create a version of Instagram for children under the age of 13 were first reported by BuzzFeed News in March, and the company has faced pushback from advocacy groups and lawmakers since.


SENATE IN SESSION: The Senate will vote on legislation aimed at countering China's economic influence this month, Majority Leader Charles Schumer (D-N.Y.) announced Monday.

The Senate Commerce Committee will mark up the bill Wednesday, a vote that was delayed after senators filed hundreds of potential amendments to the bill.

"The Senate Commerce Committee will begin to mark up the Endless Frontiers Act ... a number of other Senate committees are working on bipartisan legislation to improve our competitiveness and make the United States a world leader in advanced manufacturing, innovation and supply chains," Schumer said from the Senate floor.

"It is my intention to have the full Senate consider comprehensive competitive legislation during this work period," he added.


BLOCKED: Amazon blocked more than 10 billion listings as part of its push toward driving out counterfeit products, the e-commerce giant said Monday. 

Amazon said in its brand protection report that it invested more than $700 million and dedicated more than 10,000 employees to the effort to protect the online store from fraud and abuse.

The company also said its verification processes prevented more than 6 million attempts to create selling accounts, stopping bad actors before they published any products for sale. Just 6 percent of attempted account registrations passed Amazon's verification processes and listed products for sale, according to Amazon. 


BYE BYE JEDI?: The Defense Department is considering scrapping a multibillion-dollar cloud-computing project that's been bogged down by lawsuits and lawmaker scrutiny, The Wall Street Journal reported Monday.

Amazon for more than a year has contested the $10 billion Joint Enterprise Defense Infrastructure (JEDI) contract awarded to Microsoft in 2019.

The Pentagon is in the process of reviewing the project after the U.S. Court of Federal Claims on April 28 decided not to dismiss a protest lawsuit filed by Amazon.



An op-ed to chew on: What should NASA do about the Chinese space station? 

 

NOTABLE LINKS FROM AROUND THE WEB: 

How to wage an antitrust war (Protocol / Ben Brody)

Blind people, advocates slam company claiming to make websites ADA compliant (NBC News / April Glaser)

A county-by-county look at the broadband gap (The Verge / Russell Brandom and William Joel)
