Sen. Ron Wyden, D-Ore., called Wednesday for the heads of critical infrastructure companies such as Colonial Pipeline to be held personally liable for failures to address cybersecurity flaws following a ransomware attack that crippled one of the eastern seaboard’s key fuel suppliers.
Wyden, a member of the Senate intelligence committee, called on Congress to "take action to hold critical infrastructure companies accountable" for security lapses. The Colonial Pipeline, which delivers nearly half of the fuel used along the east coast, was forced to shut down last Friday after the criminal hacker group stole and encrypted system data.
"For far too long Wall Street has racked up profits by cutting jobs in safety and security, even when it puts lives and the country’s economy at risk," Wyden said in a statement. "There must be serious civil and criminal penalties – with personal accountability for CEOs – for critical infrastructure firms with lax cybersecurity, and federal agencies should be conducting regular cybersecurity audits of these firms."
Colonial Pipeline said it took some systems offline as it moved to contain the cyberattack. US officials said the breach did not spread to systems that control pipeline operations.
The shutdown impacted fuel deliveries across several states, especially in the southeast, which is particularly reliant on the pipeline. Long lines at gas stations and instances of panic-buying prompted concerns about a potential gas shortage if officials are unable to quickly restore operations.
"Any company so vital to our economy that a cyberattack can disrupt the lives of millions of Americans, should be regularly audited by the government, so that our adversaries are not the first ones to discover cybersecurity weaknesses," Wyden added.
The FBI attributed the ransomware attack to a criminal hacker collective thought to reside in Russia known as DarkSide. Officials have yet to address how the group gained access to its systems.
The Associated Press contributed to this report.