With U.S. Senator Chuck Grassley
Q: Are recent cyberattacks on JBS and Colonial Pipeline the tip of the iceberg?
A: Ransomware cyberattacks targeting critical U.S. infrastructure are cropping up with increasing frequency, delivering wake-up calls to cybersecurity vulnerabilities across the government and U.S. economy. The attacks on digital information systems put our national security at risk, sweeping food, energy and financial systems into jeopardy. In recent years, data breaches have vacuumed up volumes of personal and financial information on American consumers. Last December, the U.S. Energy Department, which manages the U.S. nuclear arsenal, announced it had been the target of a highly sophisticated data breach. Cyberespionage has tremendous potential to disrupt everyday life, impacting the health and pocketbooks of Americans. Cyberattacks are more frequent and more sophisticated. Bad actors are targeting our bank accounts, businesses and critical infrastructure. A few weeks before Memorial Day, a cyberattack on Colonial Pipeline, the nation’s largest fuel pipeline, disrupted supplies along its 5,500-mile network between Texas to New Jersey. Less than one month later, hackers targeted the world’s largest meat processor. JBS was forced to idle its U.S. beef plants, and temporarily halt production lines at its pork plants in Marshalltown and Ottumwa. The cyberattack exposed existing vulnerabilities in our food supply chain, underscoring the issue of too much concentration in the meatpacking industry. I’m introducing a bipartisan bill with Sen. Jon Tester to create a special investigator within the USDA to help beef up enforcement of the Packers and Stockyards Act. We need to zero in on anticompetitive behaviors in the meatpacking industry that impact market fairness and our nation’s resiliency to natural disasters, pandemics and cyberattacks. Food security is national security. After the ransomware attack, I called the head of JBS to find out what help the company might need to get back into operation and discuss ways to thwart future attacks. These attacks reflect the urgency for the government and private sector to work in partnership, share information and double down on efforts to prevent cyberattacks. Cyberwarfare is here to stay in the 21st century and it’s unlike traditional adversaries America has encountered. Our response must be coordinated, clear and unequivocal. We cannot allow cybercriminals to extort government agencies or American businesses. The attacks on the nation’s fuel and food supply lines took strategic aim at American consumers, orchestrated at the cusp of the busy summer driving and grilling season.
Q: What can be done to prevent and protect against cyberattacks?
A: The president and Congress must work with our allies and send a clear message to state-sanctioned cyberterrorism and cyberespionage. Experts believe the attacks on Colonial Pipeline and JBS were linked to Russian crime rings. President Biden is scheduled to meet with Vladimir Putin soon. At a minimum, he needs to go into that meeting carrying a big stick because talk alone will not change Russian behavior. Putin only responds to strength. In fact, a high level summit in itself lends prestige to the Russian dictator. Biden should consider canceling the meeting until he sees some evidence the Russian government is no longer allowing cybercriminals to act with impunity against American targets. A good first step would be for the president to reconsider his decision to waive sanctions on the company building Russia’s Nord Stream 2 pipeline and the Putin crony who is its CEO. Here in the U.S., we need better information sharing between the public and private sectors. I’ve worked on bipartisan legislation to reduce the legal barriers that may limit or prohibit this from taking place. The Senate Judiciary Committee has examined proposals addressing federal data security requirements and a uniform security breach notification standard. The recent ransomware attacks remind us how critical infrastructure, including aviation, banking, communications networks, emergency and other public services, is vulnerable to disruption. In the last generation, society has transitioned to a digital economy. We need all hands on deck to keep cyber thieves from infiltrating information technology architecture, including our election systems. I’ve asked Chairman Dick Durbin to schedule a hearing to examine the most recent cyberattacks on our food and energy supply chains. In the meantime, the FBI will brief us on its enforcement efforts. When cyberattacks come up at my county meetings, I remind Iowans not to take their own online security for granted. Take steps to keep your finances, medical history and tax records private and out of the wrong hands.