politics

Senate Intel Chairman Calls for Mandatory Reporting of Hacks After Colonial Pipeline Attack

colonial pipeline
Michael M. Santiago | Getty Images
  • Sen. Mark Warner is calling for legislation that would require private companies to report cyberattacks to the government.
  • "We have treated cyber unfortunately as an afterthought for a long, long time," said Warner, a former technology investor and Virginia governor.
  • The intelligence committee chairman spoke in the wake of the ransomware attack on Colonial Pipeline that has sparked gas shortages in several states and raised fears of rising fuel prices.

Senate Intelligence Committee Chairman Mark Warner, D-Va., called on Wednesday for legislation that would require private companies to report cyber attacks to the government in the wake of the ransomware attack on Colonial Pipeline that has sparked gas shortages in several states and raised fears of rising fuel prices.

"We have no actual system in place to make, whether it's Colonial Pipeline or SolarWinds, or any other company, actually mandatorily report that information to the government in real time so that we can have a full-fledged response," the Virginia Democrat said on CNBC's "Squawk Box."

Colonial Pipeline, which supplies about half of the east coast's gasoline, ceased operations on Friday and said it was the victim of a ransomware attack. The Federal Bureau of Investigation has said the hacker group DarkSide is responsible.

Warner said mandatory reporting of hacks could be modeled on the National Transportation Safety Board and early warning systems in place in the financial sector. He said the information at firms provide would be kept confidential and subject to limited protection from liability.

"We have treated cyber unfortunately as an afterthought for a long, long time," said Warner, a former technology investor and Virginia governor.

Warner has previously said his committee is working with White House national security advisors on legislation that would require mandatory reporting of cyber threats.

"The number of companies that are getting hit on a regular basis with ransomware attacks and quietly paying in bitcoin or other cryptocurrencies, I think would shock most folks in business," he added.

In addition to mandatory reporting, Warner supports the creation of a rapid response team made up of public and private sector technology experts. He said the team would include the FBI, the Cybersecurity and Infrastructure Security Agency and firms like Amazon and Microsoft.

"We need a real-time reaction team. And unfortunately, we don't have that right now. Cyber is always a boring item until it hits home," Warner said.

Virginia is one of at least 17 states to declare a state of emergency as a result of the pipeline hack along with the District of Columbia. The pipeline company has said it expects to restore operations by the end of the week.

Warner also addressed Federal Reserve Chairman Jerome Powell's comments last month, in an interview on CBS's "60 Minutes," naming cybersecurity as the No. 1 threat to the financial system. Warner said that, as head of the intelligence committee, cyber issues were one of his "top three" concerns.

"My concern is this: We see the effect of this ransomware attack against one pipeline. We saw, at the end of last year, the SolarWinds attack, which was generated by Russia, that hit 18,000 companies. Luckily that was only espionage, where they were trying to exfiltrate information," Warner said.

"Let's imagine what would happen if we combined — if suddenly you had somebody shutting down 18,000 companies across our economy," Warner added. "We would come to a grinding halt."

Read more: Spot gas shortages could worsen if Colonial Pipeline doesn’t reopen by the weekend

Subscribe to CNBC Pro for the TV livestream, deep insights and analysis.

Copyright CNBC
Contact Us