James S. Brady Press Briefing Room
12:50 P.M. EDT
MS. PSAKI: Hi, everyone. Okay. I know we’re waiting for a gather time, too. So not to scare you — if there is a note passed, nothing bad is happening. We’ll just keep you all abreast of when it’s time to do that.
So just a couple of items for you all at the top. Obviously, the President just spoke to the Colonial Pipeline and progress that’s been made. And he was sending the clear message: There’s an end in sight for the supply disruptions that have — affects strates — states across the Southeast.
As you all know, Colonial reported that product delivery had commenced in a majority of the markets they serve and that they expect the pipeline to have full operational restoration in every market by noon today. Obviously, there is still going to be some time until things go back to normal.
But, in the last 48 hours alone, we announced a targeted Jones Act waiver to ease shipping of full — fuel; on top of waivers for EPA for a dozen states, expanding gasoline supply; steps taken by DOT to make it easier to ship fuel over land; and a number of other actions across the federal government.
President Biden and his team also — we also wanted to thank the governors and state and local leaders throughout the affected region who have moved very quickly in a coordinated way over the last several days.
…
Q And lastly, does the fact that Colonial Pipeline paid a ransom make you concerned that this could happen over and over again — these types of hacks?
MS. PSAKI: Well, first, Steve, let me say that I’d refer you to the company for any confirmation of — or comment on that particular question. It continues to be the position of the federal government, the FBI, that it is not in the interests of — of the private sector for companies to pay ransom because it incentivizes these actions, leading to your — leading to your point.
I will say that one of the lessons that other companies should take away from this hack is that it’s important to harden your cybersecurity, to take the necessary steps to ensure that you’re protected.
There are steps we can take from the federal government. Obviously, the President signed an executive order last night. We believe that it’s important to increase cooperation, sharing of best practices between the public and private sector in a way that hasn’t been done in past administrations. But, ultimately, it’s up to these companies to take the steps to protect themselves.
…
Go ahead.
Q Thanks. Just a few questions on Colonial —
MS. PSAKI: Sure.
Q — and the Jones waiver, if you’re willing. Can you identify the name of the tanker yet?
MS. PSAKI: I cannot. I would point you to the Department of Homeland Security.
Q Okay. And then can you share anything on the duration of how long the waiver will be in effect?
MS. PSAKI: I think what the President — what we’ve conveyed is: as — as long as it — as it is needed to address the supply. So I don’t — I don’t have an additional number of days or weeks for you.
Q Okay. And then on retaliation — and the President addressed this a little bit — but would it be proportional since now the government believes that these hackers do live in Russia — is there any discussion about Nord Stream 2 or taking away something that Russia — Russia wants? Has there been any discussion of stopping the completion of Nord Stream 2 as retaliation for this?
MS. PSAKI: Well, we continue to think that Nord Stream 2 is a bad project, as you know. But we — there’s still an ongoing investigation. Obviously, the President was speaking to what we know now. But in terms of the conclusion of that, we would point you to the FBI and — in terms of what steps could be taken, that would likely be recommended by Cyber Command, and we’re just not quite there yet.
Q Is that on the table? Is there any discussion about Nord Stream 2 or (inaudible)?
MS. PSAKI: We’re just not quite — quite there yet.
…
Go ahead.
Q Thanks, Jen. On Colonial, I know the President said that he didn’t want to comment on whether he was briefed on the payment, but, just to put it a little bit more broadly, was the administration aware at all whether a payment or not was made?
MS. PSAKI: I’m just not going to have any more on that.
…
Go ahead, David.
Q A few questions on Colonial, Jen. The President, at one point in the statement today, said that he was going to take steps to “disrupt” this network. And then he was asked later on: Does that mean return cyberattacks? Would he rule that out? He seemed to say no. Did — is —
MS. PSAKI: As in he wouldn’t rule it out.
Q He would not rule it out.
MS. PSAKI: Yeah.
Q That was — that was clear. So, is his idea here something similar to what Cyber Command did last year with another ransomware group, where they actually stopped them from getting on their servers in an effort to try to keep them from disrupting the 2020 election? Is that the model that the President has in mind?
MS. PSAKI: I think we’re not quite there yet, David. Obviously, this just happened just a couple of days ago. You know, he was providing an update to the public and being transparent with all of you about what we know as it relates to the investigation.
That investigation is still ongoing at the FBI, and obviously Cyber Command would make recommendations about next steps — as we often like to say: some seen, some unseen. But I can’t get ahead of where we are in any internal process.
Q So when the President said that this happened from Russian territory, was he suggesting that if it happens from your territory, as we often say in terrorism issues — this came up often when you were at the State Department — that the country from which an attack is launched is as responsible for it as the attackers themselves?
MS. PSAKI: I would say he’s making that clear because, certainly, the host — the country where individuals are located, even as a criminal network, even as he’s confirmed that we don’t have information from our review process that suggests the government was involved, there’s still some responsibility.
Q And my final question to you goes to your reluctance to discuss the ransomware issue.
MS. PSAKI: Mm-hmm.
Q I’m trying to figure out if, on the one hand, the government has a policy that — of recommendation, why isn’t it in your interest to call out companies that might actually violate what both the FBI and the Treasury Department have recommended strongly? In fact, Treasury Department went beyond that last year; they said that there could be sanctions against people who pay ransomware. So I’m trying to understand what the theory is in not calling them out if you know the answer to the question.
MS. PSAKI: Well, David, I would say that it’s the recommendation of the FBI to not pay ransom in these cases, as you well know — for good reason, because it can incentivize similar attacks, additional attacks, to Steve’s other question.
But, again, our policy remains — that’s our recommendation, but — that private-sector entities or companies are going to make their own decisions. So, what I’m here to do is just convey the policies of the United States government, and it doesn’t feel particularly constructive to call out companies in that manner at this point in time.
…
Source White House
