James S. Brady Press Briefing Room
2:13 P.M. EDT
MS. PSAKI: Hi, everyone. Good afternoon. We have three guests joining us today: Secretary of Energy Jennifer Granholm, Secretary of Homeland Security Alejandro Mayorkas, and Deputy Security of Energy David Turk.
I — since Secretary Granholm and Mayorkas have been here before, I will skip their introductions. But I do want to note that Deputy Secretary Turk was previously the Deputy Executive Director of the International Energy Agency during the Obama-Biden administration. He coordinated international technology and clean energy efforts at DOE, and served as Special Assistant to the President and Senior Director at the National Security Council.
They obviously have a lot on their plates today but have agreed to stay for a few questions. With that, I will turn it over to Secretary Granholm.
SECRETARY GRANHOLM: Thank you. Great. Thanks, Jen. So the White House and the Department of Energy have been leading an interagency response to the Colonial Pipeline hack and, fortunately, the interagency response is bringing a lot of expertise and resources and authorities from across the federal government.
We’ve been working around the clock since Friday to help Colonial — Friday night, when we learned, of course, to hope — to help Colonial return the pipeline to normal operation as quickly and as safely and as securely as possible.
I would note that, last night, one of Colonial’s major lines resumed operation under manual control while the existing inventory is available, along with some of the smaller lines that are spurs off of the major lines. They are getting those up and running.
Many of you are aware that Colonial announced yesterday that they fully expect to substantially restore operations by the end of this week.
Now, I’ve had several conversations with the CEO of Colonial and — who has indicted that by close of business tomorrow, Colonial will be in a position to make the full restart decision.
But even after that decision is made, it will take a few days to ramp up operations. This pipeline has never been shut down before. It travels great distances. There is fuel in the pipe and then there is fuel — the offtake from the refineries that have to be added. So it will take a few days to be up and running.
But our interagency effort is going to be on it all the way. And let me tell you what that has looked like so far: Starting this weekend, my team began multiple daily calls with Colonial’s senior executives — Dave Turk leading those — and those calls have enabled us to share information across the federal government to keep us fully in sync with their progress and to let them know what resources we can bring to bear.
We’ve spoken today with — and yesterday with several governors’ offices in the affected areas from the South and the Mid-Atlantic. They’re are obviously, understandably concerned with reports of gas stations running out of fuel, and they want this pipeline restarted — restarted, as do we all.
We are going to continue to assess impacts along the East Coast and, in particular, the parts of the Southeast, using the information and analysis from the Energy Information agency, which is part of the interagency combined effort — and other federal partners.
We’re using these conversations and that information to inform the federal decision making with our federal partners around steps to mitigate these supply impacts and disruptions.
So on Sunday afternoon — some of you are aware that the Department of Transportation issued a issued an “hours of service” waiver, which provides greater flexibility to drivers who are transporting gas and diesel and jet fuel across 17 states as well as the District of Columbia.
DOT also moved to temporarily relax some of its workforce requirements and monitoring so that we can make sure that we have the personnel online in these — in these places and with the drivers.
This morning, the Environmental Protection Agency issued a waiver of the blend of fuels for the affected states to allow us to use noncompliant fuel and boost available supply where it’s needed.
Further, the Department of Transportation’s Federal Rail Administration is working to enlist rail operators in an effort to transport fuel from ports inland — to and from.
And I spoke, as well, with Chairman Glick of the Federal Energy Regulatory Commission — of FERC — this morning. He is positioned to issue — FERC is positioned to issue orders quickly to direct the pipeline to prioritize fuel to the areas that are most in need once the pipeline is up and running.
So, in short, we’re looking at every option we have across federal govern- — the federal government and all of the agencies.
And in the meantime — I do want to say this — that we expect that gas station owners are — are and should act responsibly. We will have no tolerance for price gouging.
Federal and state officials will be investigating those actions if they see price gouging. And we are urging consumers to report any price gouging to their state attorneys general.
And still, I want to be clear that these states who are impacted, even with the — the turning on of the pipeline system — they still may feel a supply crunch as Colonial fully resumes. So — but the American people can feel assured that this administration is working with the company to get it resumed as soon as possible.
And as — one other warning, I guess: Let me emphasize that, much as there was no cause for, say, hoarding toilet paper at the beginning of the pandemic, there should be no cause for hoarding gasoline, especially in light of the fact that the pipeline should be substantially operational by the end of this week and over the weekend.
So, at the same time, it certainly is a reminder that we need to take a hard look at how we need to harden our necessary infrastructure, and that includes cyber threats.
And as Anne Neuberger, who was here yesterday and told you: This administration is taking an all-hands-on-deck approach to enhancing our cyber defenses.
And Secretary Mayorkas is here to tell us a bit about what he’s doing on that front.
SECRETARY MAYORKAS: Thank you very much, Secretary Granholm. And let me — let me pick up on something that the Secretary said that I think is very important to emphasize.
On Friday, this ransomware attack became public. Saturday morning, the President was briefed and immediately directed an all-of-government effort, and immediately we executed on the President’s direction — the Department of Energy; the Department of Transportation; DOD — in terms of its logistics capabilities; the EPA; and, of course, the Department of Homeland Security; and — and others.
The — the direction was to bring our capabilities and our resources to bear, our expertise and whatever we can do to be poised should any of those capabilities be called upon, or be able to deliver much-needed resources.
We in the Department of Homeland Security, for example, began working immediately with the Department of Transportation to be ready should any request for a Jones Act waiver be made to us, to allow a foreign-flag vessel to deliver fuel should that need arise. And, of course, that need is not necessarily yet confirmed, but we wanted to be poised, at the President’s direction, to be ready and to be able to act immediately.
The — the attack that Colonial Pipe suffered is a ransomware attack. That threat of ransomware is, certainly, by no means new. As a matter of fact, last week I spoke at an event sponsored by the United States Chamber of Commerce about the gravity of the threat. More than $350 million in losses are attributable to ransomware attacks this year. That’s a more-than-300 percent increase over last year’s victimization of companies.
And there’s no company too small to suffer a ransomware attack. We are seeing increasingly small- and medium-sized businesses suffer a ransomware attack. And we are bringing in the Department of Homeland Security — our capabilities to bear through the Cybersecurity and Infrastructure Security Agency — or “CISA”, as it is commonly known.
We are in the lead in the public-private partnership in an all-of-government effort to raise the cyber hygiene of private industry and, of course, within the federal “dot-gov” environment as well.
We share information between the public and private sectors. We share best practices. We have cybersecurity directors to actually be onsite at a company’s facilities to assess it, to make recommendations, and to direct it with respect — to voluntarily direct it to raise its cyber hygiene and how we can best do so.
This threat is not imminent; it is upon us. The Colonial Pipe ransomware attack is a stark example of what we have been saying for some time now. And quite frankly, when I served as the Deputy Secretary of Homeland Security in the second term of the Obama-Biden administration, we were focused on it then.
And so we are bringing our all-of-government effort, at the President’s direction, to not only address the situation that is upon us today that is galvanizing our attention, of course, but to really focus on critical infrastructure and what we can do to strengthen that critical infrastructure across our government and to make it more resilient to these types of attacks and to raise awareness so that everyone understands the need to prevent and be in a position to respond to these attacks.
And I’ll turn it over to Jen.
MS. PSAKI: And I’ll just say, we may pull up our Deputy Secretary here, too, in case we need him.
Go ahead, Peter.
Q Secretary Mayorkas, I’ll follow up on what you just said a moment ago: The FERC Chairman, to whom the Secretary referred to a moment ago, said yesterday there should be “mandatory” cybersecurity standards for pipelines. Do you agree? And is this administration going to try to put those in place?
SECRETARY MAYORKAS: So, our conversations within the administration are ongoing and have been underway with respect to what measures we need to take — both administratively and, of course, in a companion effort, the legislature — to see how we can raise the cyber hygiene across the country.
…
Mary.
Q Secretary Granholm, you just acknowledged the possibility of a supply crunch. Can you give us, sort of, more of a reality check here? What kinds of shortages should Americans be bracing for? What kind of disruption on gas prices can Americans expect?
SECRETARY GRANHOLM: First, let me just be really clear: The crunch is in the areas that are affected by the pipeline — the main spurs of the pipeline. So, that really is the Southeast. About 70 percent of the supplies of North Carolina, South Carolina, Tennessee, Georgia, and especially southern Virginia are impacted the most.
And so those are the areas that — where we have the greatest concerns with. And because of the — the fact that there’s not a whole lot of other supply — now this particular pipeline also supplies other states, but there are other pipelines that supply their states as well, so there’s more diversity.
In this particular region, that’s where we’re going to see the crunch, and this is why we are — we know that we have gasoline; we just have to get it to the right places. And that’s why these next couple of days, I think, will be challenging.
And we want to encourage people: It’s not that we have a gasoline shortage, it’s that we have this supply crunch, and that things will be back to normal soon, and that we’re asking people not to hoard. And know that every — we are all over this.
MS. PSAKI: Aamer.
Q Thanks. What does this say about the fragility of our national infrastructure that one hack could do this and could have been worse if the hackers have gotten into the operational system?
SECRETARY MAYORKAS: Attacks on our critical infrastructure are not new. There are different levels of strength and resilience across the critical infrastructure enterprise, and that is why we are so focused on making sure that the cyber hygiene across the entire enterprise is strengthened.
And remember, in cybersecurity, one is only as strong as one’s weakest link. And therefore, we are indeed focused on identifying those weak links; working with those weak links — in the critical infrastructure enterprise as well as throughout the private sector; and strengthening our country as a whole. This is not unique to the United States.
MS. PSAKI: Nandita.
Q Thanks, Jen. Secretary Granholm, can you give us a sense of the timeline on the Jones Act waiver that we just heard from the DOT about? And when will it go into effect?
SECRETARY GRANHOLM: Actually, you’re the —
SECRETARY MAYORAKAS: So —
SECRETARY GRANHOLM: This is the Jones Act guy. (Laughter.)
SECRETARY MAYORKAS: Yeah. Yeah, so — so if I may, when we receive a request for a waiver, the Department of Transportation engages in an ana- — an analysis to determine whether any U.S.-flagged vessels are available to deliver what is needed.
And if in fact they are, then, of course, they are called upon under the Jones Act statute to deliver accordingly. But if there are U.S.-flagged — if there are not U.S. flags available, then we analyze the need for foreign-flagged vessels and apply the statutory requirements correctly.
And, of course, in a situation such as this, the work we already began precisely for this reason, at the President’s direction, to be ready and to be responsive with the urgency that the situation would require. So we are on it as fast as possible.
Q So is there — is there a timeline, Secretary? I know you’re — I know you’re conducting a review, but what is the timeline?
SECRETARY MAYORKAS: So we’re going to move in — in lightning speed.
MS. PSAKI: Matt Viser.
Q I had a question for Secretary Granholm on behalf of a colleague who couldn’t be here — not about the Colonial Pipeline, but a different one. The state of Michigan has ordered a closure of a pipeline called “Line 5” with a deadline tomorrow.
The question is: Has the White House or the Biden administration or the former governor of Michigan, current Secretary Granholm — if there’s any position on the Line 5, if you guys are urging the state of Michigan to do anything one way or the other?
SECRETARY GRANHOLM: Yeah, we don’t weigh in on that, and it’s in court right now, so that’s where it sits. It will be decided in court.
MS. PSAKI: Go ahead.
Q Yeah. Can you tell us what is the feasibility of using rail cars to transport fuel into the affected areas? I know that’s being looked at.
SECRETARY GRANHOLM: Yeah. The DOT is looking at that, and so we’ll have to wait until their analysis is done. These — these are not easy solutions because there may or may not be the right rail cars; there may not or may not be the deep-water ports available for the Jones Act to be able to respond.
So this particular area of the country there — this is why we have doubled down on ensuring that there’s an ability to truck oil in — gas in. But it’s — the pipe is the best way to go. And so that’s why, hopefully, this company, Colonial, will, in fact, be able to restore operations by the end of the week as they have said.
MS. PSAKI: We’re going to do that last one, in the back.
Q Yeah. I just have a question for each of you. I’ll start with you, Secretary Granholm, because ladies first. Obviously, we have the acute issues with the Colonial Pipeline ransomware attack. But looking more holistically in a macro view, how does this speed up the efforts at DOE to move in more of a renewable direction since this is going to have an impact on people at the pump?
SECRETARY GRANHOLM: Yeah, I mean, we obviously are “all in” on making sure that we meet the President’s goals of getting to 100 percent clean electricity by 2035 and net-zero carbon emissions by 2050. And, you know, if you drive an electric car, this would not be affecting you, clearly.
But it’s just — it’s another — it’s — I don’t want to — this company is acting in a responsible way. They took their pipeline down so that the ransomware would not spread. And so, up to this point, they have — they’re carefully reviewing so that they’re doing this in a responsible way.
The broader issue is a very important issue. It’s an issue for the President’s priority and the American Jobs Plan — the issue of investing in a transmission grid, for example, so that you don’t have the cyber issues associated with it. So there’s a lot of broader questions in this, and we hope that we’ll be able to see that investment in infrastructure that will facilitate clean and renewable energy.
Q Secretary Mayorkas, for you: Are you having any issues filling some of these critical infrastructure jobs? I know this has been, sort of, a historic problem in finding people who are qualified to take on mass-scale cybersecurity? For the federal government, that’s a huge undertaking. Are you still having some of the issues that we’ve seen, sort of, on and off throughout history — really in the history of DHS — filling those positions with qualified applicants?
SECRETARY MAYORKAS: So it’s a very interesting question. So, let me say, we — we launched this series of cybersecurity sprints several weeks ago. Our first cybersecurity sprint was on ransomware, precisely because of the threat — the gravity of the threat that that poses.
Our second sprint is precisely on recruiting and retaining top cybersecurity talent — (someone sneezes) — bless you — top talent. And we’re very focused on that.
And we’re very focused on also achieving one of the President’s critical directives to reflect a critical value, which is that — which is that our cybersecurity talent will achieve diversity, equity, and inclusion.
Thanks.
MS. PSAKI: Thank you, both.
SECRETARY GRANHOLM: All right, thank you.
SECRETARY MAYORKAS: Thank you very much.
MS. PSAKI: Okay. I have a hard stop at three o’clock, but I wanted to, of course, bring the two Secretaries here, and I know there’s other things going on in the world, so we will get to as many questions as we possibly can.
…
Go ahead, Mary.
Q Thanks, Jen.
On the pipeline, the President has talked about needing to give financial support to protect critical infrastructure, but his infrastructure plan doesn’t explicitly outline any funding for cybersecurity.
So, what kind of investments, if any, in cybersecurity would the President like to see included in an infrastructure bill to prevent future attacks like this?
MS. PSAKI: Well, as we work and have discussions with Congress and as we finalize details of the American Jobs Plan, we are talking about investing in critical infrastructure. And, you know, we’ve looked at, for example, what we saw in Texas and the need to better protect and better prepare for even events like that — weather events — where infrastructure could have been better protected.
And certainly, ensuring that cybersecurity is a part of that conversation is on the mind of the President and one he’ll look forward to his team having with members and with staff on the Hill moving forward.
Q I guess, well, when you take a big-picture look at this, you know, cybersecurity experts have been warning for years about attacks like this, and yet we haven’t seen the government take steps to be able to prevent them. Why should Americans be confident that this time will be any different?
MS. PSAKI: Well, I think it’s important to remember this is a private-sector company; this isn’t a federal government entity. And we are working closely with them both to stay closely coordinated, ensure that they are getting the assistance and counsel they need, but also we are working through an interagency process with a great deal of urgency, I promise you, coming from the President, to ensure that we are taking steps through — steps from the federal government to plan for all contingencies.
This was a private-sector action, as Secretary Granholm said, of a company to take down their pipeline because of the ransomware. This is ransomware that has been out there for some time. We have, in this gover- — in this White House and in this government, we have ensured that there is increased cooperation between the public and private sector, but a big lesson from this is the need for all companies to harden the cyber- — their cybersecurity apparatus and to ensure that they are protecting themselves, even as we are working as a government to plan for contingencies and ensure that, across the federal government, we have all the necessary protections in place.
Q And just lastly, the President said yesterday that the hack was traced back to Russia, but there was no evidence that the Russian government was involved. Is that still your understanding, and, if so, what responsibility does Russia bear, if any, to deal with these actors?
MS. PSAKI: Well, the President also said that his intelligence community has not made a full assessment yet, which remains the case. But also that, given that this entity that the FBI had concluded — or, you know, given — attributed, I should say, with the attack, was located in Russia, that that country has a responsibility to — to act responsibly.
But again, we’ll wait for our intelligence community to make a full assessment before we have more to convey about it.
…
Source White House Press Briefing
