Tuesday, Sen. Marco Rubio (R-FL) sounded off on the Colonial Pipeline ransomware attack that is causing a gas shortage across the southeastern region of the United States.
Rubio called for mandatory reporting when it comes to cyberattacks, noting that “plenty of businesses” do not report when they get hit.
Host Brian Kilmeade asked, “Senator, what is the role you believe of the federal government when it comes to protecting from cyberattacks these vital industries that have to do with national security? Should we be playing a more active role in Washington?”
“Yes, and I think we’re trying,” Rubio replied. “I think there’s some efforts to do that now. I think the first is mandatory reporting. In the case of the pipeline, obviously, that’s not something that they could necessarily cover up because you could see the disruption. But there are plenty of businesses out there who get hit with ransomware attacks and never report it. Now, I think one thing is that that’s some t-shirt shop somewhere — wherever it might be — and I’m not diminishing the importance of their business to those people, but it’s not critical to the country. There’s a difference between industries that are critical to the country, and if you shut down a water plant, a pipeline, an air traffic control — things of that nature — then you’ve got a big problem.”
“So, I think for those critical industries, there has to be reporting requirements where they tell us when they’ve been attacked,” he added. “I think that there should be minimum requirements for infrastructure in this country having a place to defend itself. And I think there has to be a singular agency — we don’t have to create a new one — but who is in charge of the immediate response to it and it’s constantly updating everybody about the latest and greatest technologies available to help prevent against this sort of attack.”
Rubio warned there could be more attacks in the future and emphasized the need for “better awareness” to help prevent them.
“I think we also have to do better awareness,” he advised. “And there are a lot of businesses out there that think they are postured against cyberattacks, but they really aren’t. And look, there’s no easy answer. These guys — this is their full-time job to try to figure out how to get inside someone’s system, steal their information, and say we’re not going to give it back to you, and you won’t be able to run your business until you pay us the ransom. And this another example of it.”
Rubio continued, “But I think we’re going to see more cases of this, and I think some could be life-threatening if it happens to a hospital system or an airline, or something — or a pharmaceutical company. I think you could see some real problems.”
Follow Trent Baker on Twitter @MagnifiTrent