The gas may be flowing again, but the White House is more worried than it's letting on about the potential fallout of the Colonial Pipeline hack that caused fuel shortages and triggered price increases, Axios has learned.
Behind the scenes: Senior Biden officials are acutely sensitive to the images of lines outside gas stations before Memorial Day — the typical launch to the summer driving season. Republicans also are jumping on the bandwagon, suggesting Joe Biden is a modern-day Jimmy Carter.
- Inflation seeping into the public consciousness and checkbook is giving legs to the attack.
- "I see that everybody is comparing Joe Biden to Jimmy Carter," former President Trump said in a statement Wednesday. "It would seem to me that is very unfair to Jimmy Carter. Jimmy mishandled crisis after crisis, but Biden has CREATED crisis after crisis."
- While the attempts to paint Biden as Carter are very real, a key difference with regard to the pipeline crisis is that gas disruptions in the 1970s happened in two waves, and lasted months. Colonial Pipeline announced Wednesday it was resuming its operations.
What we're hearing: Administration officials were relieved when they learned Colonial would begin reopening, but the crisis is still far from over.
- Widespread gas shortages and hiked prices are expected to linger for weeks, and concerns over the country's vulnerability to cyberattacks that could threaten the U.S. grid remain at a fever pitch.
The big picture: Seeking to calm nerves on Capitol Hill, the White House took the unusual step of arranging for three Cabinet secretaries to brief Congress on the Colonial ransomware attack.
- The White House's "bipartisan member briefing" on the cyberattack was to be held at 6 p.m. Wednesday, according to an invitation reviewed by Axios.
- Briefers included Homeland Security Secretary Alejandro Mayorkas, Transportation Secretary Pete Buttigieg and Energy Secretary Jennifer Granholm.
Between the lines: The Colonial hack is a wicked problem for the White House. Because it involves a private company, there are limits to what the Biden administration can do unilaterally.
- The White House issued a long-awaited cybersecurity executive order but it will require an act of Congress to create transformational change.
What they're saying: Sen. Chris Coons (D-Del.), a close friend of the president's, nodded when Axios asked whether the White House is more concerned about the situation regarding the Colonial Pipeline than it's letting on.
- "We need to work in a bipartisan way to continue strengthening the legal, the regulatory, the federal, the state and the private infrastructure," Coons said.
Sen. Mark Warner (D-Va.), who's been a leading voice in Congress on the issue, told Axios that if Americans knew how many ransomware attacks were happening every day, it would "blow their minds."
- The Colonial hack, coupled with the Russians' SolarWinds attack — which had a breathtaking scale penetrating some 16,000 companies — has made people realize a cyber enemy could shut down an entire economy, Warner said.
What to watch: Warner sees a rare opportunity for bipartisan cooperation.
- He said he wants to partner with Republicans and the appropriate committees on legislation forcing critical infrastructure companies to report cyberattacks to a public-private entity in near real-time.
- Sen. Susan Collins (R-Maine) said: "I've been concerned for many years that we don't even have a mandatory requirement that attacks be reported to the federal government, and that information be shared."
What's next: That still leaves the challenge of hardening infrastructure.
- Major energy and other critical companies throughout America are still running outdated and vulnerable legacy computer systems.
- Jason Crabtree, CEO of cybersecurity and risk analytics company QOMPLX, and a former adviser to leadership of Army Cyber Command, said: "Mandatory reporting of breaches and incursions is a good start, but our government needs to do more."
- "And companies need to actually walk the walk: by moving their cyber modernization efforts up to the top of the corporate priority list where leadership is held accountable for security program investment like other core business functions.”
