Remarks on the Colonial Pipeline Ransomware Attack and an Exchange With Reporters

The President. Hello, folks. I want to update everyone on the ransomware cyber attack that impacted on the Colonial Pipeline over this past week.

As of yesterday evening, Colonial has begun restarting the flow of refined products in their pipeline. This morning Colonial reported that fuel is beginning to flow to a majority of the markets that they service, and they should be reaching full operational capacity as we speak—as I speak to you right now.

That is good news. But I want to be clear: We'll not feel the effects at the pump immediately. This is not like flicking on a light switch. This pipeline is 5,500 miles long. It had never been fully shut down in its entire history and so fully. And we have to—now they have to safely and fully return to normal operations. And it's going to take some time, and there may be some hiccups, like I just had, along the way here. [Laughter]

Still, we expect to see a region-by-region return to normalcy beginning this weekend and continuing into next week. In the meantime, I want to update you on what our administration is doing to accelerate this process, to mitigate shortages, and to protect you from price gouging—to protect the American people from price gouging—all those along the line.

First, we relaxed rules for pipeline operators to provide flexibility for emergency personnel to help manually get portions of the pipeline up and running earlier this week. Secondly, over the weekend, we reviewed and worked with the company to get a portion of the pipeline system from North Carolina to Maryland to operate under manual control and deliver its existing inventory.

In addition, we've put in place emergency orders that lifts hours—the hours restrictions and allowed States to lift weight restrictions for tank truck drivers to be on the road. This allows those drivers to work more and carry more fuel to the affected regions.

Third, the Environmental Protection Agency issued a targeted, 20-day waiver of standards in several States to give fuel suppliers more flexibility to use available fuels where they're needed, which will boost the fuel supply.

And those last two actions have made tens of millions of gallons of additional fuel available each day to be able to be distributed. Put another way: The extraordinary measures the administration has taken, we estimate, sent enough gas to stations to fill the tanks of over 5 million vehicles in the last few days.

Fourthly, as part of an effort to use every possible means to accelerate fuel deliveries, last night I granted a waiver of the Jones Act to fuel suppliers. This allows non-U.S. flagged vessels to transport refined fuel products from the Gulf of Mexico to affected areas. And we'll grant additional waivers if necessary. These steps are temporary, but they will remain in place until full service is fully restored. This is a whole-of-Government response to get more fuel more quickly to where it's needed and to limit the pain being felt by American customers.

Now, here is what drives—the driver in the States that are affected, here's what they—you can do, the drivers: Don't panic, number one. I know seeing lines at the pumps or gas stations with no gas can be extremely stressful, but this is a temporary situation. Do not get more gas than you need in the next few days. As I said, we expect the situation to begin to improve by the weekend and into early next week. And gasoline supply is coming back on line, and panic buying will only slow the process.

And I also want to say something to the gas stations: Do not—I repeat, do not—try to take advantage of consumers during this time. I'm going to work with Governors in the affected States to put a stop to price gouging wherever it arises. And I am asking our Federal agencies to stand ready to provide assistance to State-level efforts to monitor and address any price gouging at the pump.

Nobody should be using this situation for financial gain. That's what the hackers are trying to do. That's what they were about, not us. That's not who we are.

And as for the people who carried out this attack, the FBI has released details on the attack so others can take steps to prevent being victimized like Colonial has been. We do not believe—I emphasize, we do not believe—the Russian Government was involved in this attack. But we do have strong reason to believe that the criminals who did the attack are living in Russia—that's where it came from—were from Russia.

We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks. And we're also going to pursue a measure to disrupt their ability to operate. And our Justice Department has launched a new Task Force dedicated to prosecuting ransomware hackers to the full extent of the law.

And finally, let me say that this event is providing an urgent reminder of why we need to harden our infrastructure and make it more resilient against all threats, natural and manmade.

My administration is continuing to safeguard our critical infrastructure, the majority of which is privately owned and managed, like Colonial Pipeline. Private entities are in charge of their own cybersecurity, and we need—and we have to—we know what they need. They need greater private-sector investment in cybersecurity. And that's why we launched a new public-private initiative in April that is focusing on strengthening cybersecurity in the electric sector for natural gas, for pipelines, as well as water systems and other lifeline sectors.

And last night I signed an Executive order to improve the Nation's cybersecurity. It calls for Federal agencies to work more closely with the private sector to share information, strengthen cybersecurity practices, and deploy technologies that increase reliance against cyber attacks.

It outlines innovative ways the Government will drive to deliver security and software, using Federal buying power to jumpstart the market and improve the products that all Americans use.

To assist in this urgent work of protecting our Nation's—our Nation against cyber attacks, I'm calling on the United States Senate to move quickly to confirm Chris Inglis as our National Cyber Director and Jen Easterly to be the Director of Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security.

In America, we've seen critical infrastructure taken off line by floods, fires, storms and criminal hackers. In Texas, last month, we saw what happens when storms hit power systems that aren't fully modernized or ready for the threats of extreme weather, with tragic results.

Now we're seeing the effect of criminal hackers with gas lines throughout the Southwest—excuse me, the Southeast. And we're in a competition with China and the rest of the world to win the 21st century, economically. And we're not going to win it competing with an infrastructure that is out of the 20th century. We need a modern infrastructure.

My American Jobs Plan includes transformative investments in modernizing and in securing our critical infrastructure. Later this afternoon I'll be meeting with Republican Senators to discuss ways we can move forward on modernizing the infrastructure we have today and building the infrastructure we need for tomorrow. I'm willing to negotiate, as I indicated yesterday to the House Members and to the leadership. But it's clearer than ever that doing nothing is not an option.

Again, we expect things to return to normal over the next several days. I will be monitoring Colonial's progress and the Federal Government's support every step of the way.

So stay strong. Help is on the way. We're going to get through this as we always do, as Americans, and we're going to do it together. And it's going to be quick.

God bless you all, and may God protect our troops.

Q. Mr. President, if I may—[inaudible]——

Cyber Criminals/Russia/President Vladimir Vladimirovich Putin of Russia

Q. Mr. President, you said that the hackers are believed to be living in Russia. At what point does the U.S. start to try to inflict pain on governments who allow this sort of this to happen in their territory?

The President. We are working to try to get to the place where we have sort of an international standard, that governments knowing that criminal activities are happening from their territory, that we all move on those criminal enterprises. And that I—I expect that's one of the topics I'll be talking about with President Putin.

Q. Mr. President, when does the Executive——

Ransomware Attack on Colonial Pipeline

Q. Are you confident that Putin was not involved? Are you confident that Putin was not involved?

The President. I am confident that I read the report of the FBI accurately, and they say they were not—he was not, the Government was not.

Q. What would you like to do——

Cybersecurity in the Private Sector/Federal Government Oversight

Q. Mr. President, Wednesday's Executive order mentions the Colonial Pipeline directly, but the press release says it only encourages private-sector companies to follow the Federal Government's lead, which—encouragement is good, but in the face of profit, it's kind of sketchy. So what concrete steps is the administration taking to ensure that companies are prepared and held accountable for their cyber issues—cybersecurity issues?

The President. You've asked three different questions in that one thing—[laughter]—I think, as I understand it.

The bottom line is that I cannot dictate that the private companies do certain things relative to cybersecurity. A lot of you are very seasoned reporters; you've been covering this debate up on the Capitol Hill for—before I became President—and, unrelated to President Trump, just a debate internally among Senators as to whether or not the Government should be assisting. And it gets into privacy issues and a whole range of things.

So that's going to be an ongoing negotiation. But I think it's becoming clear to everyone that we have to do more than is being done now, and the Federal Government can be significant value added in having that happen.

Yes.

Potential U.S. Countermeasures

Q. Are you confident—will you consider doing any kind of retaliatory cyber attacks to shut down these criminals? Are you ruling that out?

The President. No.

Israel/Rocket Attacks From Gaza/International Diplomatic Efforts

Q. Is Prime Minister Netanyahu doing enough to stop this violence there from escalating?

The President. I had a brief conversation with him yesterday. And I have my intelligence community, the Defense Department, as well as the State Department have been in contact with all of their counterparts in—not only in Israel, but in the region.

And one of the things that I have seen thus far is that there has not been a significant overreaction. The question is how we get to a point where—they get to a point where there is a significant reduction in the attacks, particularly the rocket attacks that are indiscriminately fired into population centers.

But I expect I'll be having some more discussions. And it wasn't—we haven't just spoken with the Israelis; it was the Egyptians, the Saudis, and others. So we're—it's a work in progress right now.

So thank you all so very much.

Ransomware Attack on Colonial Pipeline

Q. One more, Mr. President? Would you take just one more on the ransom? Were you briefed on the fact that the company did pay the ransom?

The President. I have no comment on that. Thank you.

Q. Thank you.

Q. Thank you, sir.