May 08, 2021

Senator Markey Reacts to Cyberattack that Shutdown Colonial Pipeline

Washington (May 8, 2021) – Senator Edward J. Markey (D-Mass.) released the following statement responding to reports of a cyberattack on Colonial Pipeline, one of the United States’ largest pipelines that carries 45 percent of the total fuel supply for the East Coast, which forced the pipeline to shut down all operations.

"An understaffed, underprepared Transportation Security Administration—which had only six full-time staff on pipeline security as recently as 2019—cannot successfully ensure the security of dangerous and susceptible natural gas pipeline infrastructure,” said Senator Markey. The federal inability to prevent and effectively respond to cyberattacks turns our pipeline system into a risk for communities and an increasingly vulnerable component of our electricity system. While we need more information about the circumstances that allowed the Colonial Pipeline cyberattack, we cannot ignore the longstanding inadequacies that allowed for, and enabled, cyber intrusions into our critical infrastructure.”

In 2018, Senator Markey wrote to major utilities following Russian cyberattacks on the electric grid, as well as to key federal agencies more information about the roles each agency play in identifying, analyzing, responding to, or creating new rules and standards to address cyber vulnerabilities of electric utilities; how each agency works with other federal agencies to coordinate efforts around cybersecurity of electric utilities; efforts to engage both electric utilities and critical third party vendors to protect electric utility assets against vulnerability; and any efforts to proactively identify vulnerabilities in the U.S. electric grid. In 2013, then-Congressman Markey and Congressman Henry A. Waxman (CA-33) releases a report that found that the lengthy, industry-driven process by which grid security standards are set results in long delays and haphazard implementation of the voluntary security recommendations the industry refuses to make mandatory. Following that report, FERC issued a series of rulings intended to strengthen grid cybersecurity.

###