Return to Transcripts main page


CNN Reports, Criminal Group from Russia Likely Behind Pipeline Cyber Attack; Republicans Set to Vote to Oust Rep. Liz Cheney (R-WY) as Early as Wednesday; Several States no Longer Ordering Full Allocation of Vaccine Doses. Aired 10-10:30a ET

Aired May 10, 2021 - 10:00   ET


JIM SCIUTTO, CNN NEWSROOM: One of the worst ever cyber attacks on U.S. infrastructure.


Officials now believe that a criminal group from Russia, known as DarkSide, is responsible for the massive ransomware attack, which has hit Colonial Pipeline over the weekend.

POPPY HARLOW, CNN NEWSROOM: That attack shut down the nation's largest pipeline and main fuel supplier to the east coast. You see it there running south to north. Now the federal government is preparing to take more steps to try to avoid more severe fuel disruptions. This as experts are warning gas prices are likely going to spike in the next few days if this line does not come back fully online.

Josh Campbell joins us now with the latest. Josh, I mean, the sad reality here is they knew something like this could happen about a decade ago. Lawmakers proposed bipartisan legislation to help protect against it. That failed. And now this happened.

JOSH CAMPBELL, CNN SECURITY CORRESPONDENT: Yes, it's a great point. And, obviously, this is a key piece of critical infrastructure in the United States. It has remained a target. We often talk about what law enforcement in the intelligence community does after an attack, but this is raising serious questions about what the U.S. government is doing to stop additional attacks on the U.S. infrastructure system.

Now, to set the stage for you here, we're learning about what has been described as a massive attack on the energy sector, this after Colonial Pipeline was compromised by hackers.

Let's take a look at that map again. I want to show you just how significant this is. This runs from Texas all the way up the east coast. This pipeline providing nearly half of the fuel that's consumed along the east coast. It's not just average consumers. It's also the United States military. We're learning from the Defense Logistics Agency that this pipeline also services Joint Base Andrews and Bowling Air Force Base there outside Washington, D.C. So, again, serious questions about the implications here from this hack.

Now, to tell you about what happened, we're told that this company, Colonial Pipeline, was the victim of what is called ransomware. And the easiest way to think about this is when hackers gain access to a system and then lock you out of your own data, often demanding a ransom or payment in order to regain access to their systems.

But, of course, this is not just an average company. It is not just metal pipes. We're talking about not only the significance of who the service is but also we're talking about pipes that have switching systems and terminals up the eastern seaboard, obviously carrying flammable fuel and jet fuel. So out of an abundance of caution, the company took this pipeline down. It remains largely down at this hour.

Now, we know that the FBI is investigating. The White House is also convened an interagency working group in order to deal with the potential fallout here over the weekend. The U.S. Department of Transportation issued an emergency order that would allow over-the- road truckers to work longer hours. Again, they're trying to mitigate the disruption here and the flow of so much of this fuel, obviously raising questions about how this could impact U.S. fuel prices.

Now, finally, as far as who is responsible, sources tell us that it's believed to be a Russian criminal hacking group known as DarkSide. There is little that we know about this group. But, of course, as we've covered so many of these attacks in cyberspace, it's worth noting out that we've seen this symbiotic relationship in the past between the Russian intelligence services as well as some of these criminal groups who often serve proxies. There's no indication here yet that that's at play, but, obviously, we can't overlook Russia's history in cyberspace. A significant breach here that authorities are still trying to deal with.

HARLOW: It's a great point that Jim made last hour as well. Josh, thanks very much for the reporting. Jim?

SCIUTTO: Joining me now to discuss, Rob Lee, he's CEO of Dragos, it's a cyber security firm focusing on industrial cyber security. Rob, good to have you on.

ROB LEE, CEO, DRAGOS: Thanks for having me.

SCIUTTO: You made the very smart point that some of the shutdown is deliberate. In other words in, response to the attack, the company shut down protectively. Was that the right move and how quickly with an attack like this can you get systems back up and running?

LEE: Absolutely. So they did all the right things, calling it a top tier instant response firm for the private sector as well as informing government, and taking the system down to proactively to make sure that safety is maintained. Recovering can take quite a bit of time but it's probably a multiday effort. We're not looking at like five, six weeks of being down.

SCIUTTO: Folks at home may not be aware, I know, because this is the nature of your business, you're aware, ransomware attacks like this happen all the time, targeting a whole host of companies big and small. Basically, folks say, we shut your system down or we can or we've stolen information from you. We're going to sell it on the dark web or keep you shut down until you pay us money.

But this is the biggest to have an impact on a major piece of U.S. infrastructure. How significant in your view?

LEE: Yes, absolutely. So, it is the largest cyber attack in terms of an energy infrastructure back here in the United States. And so that is very disruptive and it is something that is going to get a lot of questions in Congress and elsewhere.

But as you noted, all of our industries are going through some level of a digital transformation, which means they're becoming more and more connected and taking advantage of things, like Cloud resources.


That connectivity allows adversaries opportunity to come into those systems and compromise them in these ways. We regularly respond to events on the operation side of the house, and they're backing more and more common.

SCIUTTO: Everybody is clearly vulnerable, right, because you have had government agencies right up to the NSA, right, the State Department vulnerable. Major -- even security firms -- well, I.T. firms like SolarWinds serves as a backbone of a lot of operations, cities, governments, police departments here in D.C. Who's doing it right? I mean, it just seems that every other day you hear of an attack like this and you almost throw your hands up in the air saying no one is properly protecting themselves.

LEE: Yes, and just goes to the fact that the folks that are doing really well don't get in the news. Since we never hear about those cases, there is a lot of effort across a wide variety of the industries that do well, but you're spot on. Everybody is vulnerable. We're going to experience attacks.

The real question is how can we be more responsive and more resilient in the face of those attacks so that the consequence doesn't impact our daily lives.

SCIUTTO: There is now responsibility assigned to this Russian hacking group. And, by the way, there are loads of these non-state actors around and they like to make money and they carry out these attacks, but we know the way Russia operates. And I had a former DHS official on last hour who says, listen, the Russians know about these groups. They wouldn't be able to operate without the tacit approval of Russia.

From your perspective, should we delineate any difference between a Russian criminal gang and the Russian government acting here?

LEE: To be real specific, we should, to some degree, as it relates to policy actions. But there is a spectrum of responsibility, as you noted. And if countries are not enforcing the rules, whether it is Russia, China, Iran, Brazil, wherever, if they're not enforcing the rules and making sure that they take care of their criminal sector, there is some culpability to that state government regardless of whether they're involved or not. However, to your point, a lot of these foreign intelligence services and militaries take direct advantage of these criminal groups, leverage their capabilities, leverage their access. And so there is that symbiotic relationship that the United States government would be appropriate to look at and see if there can be some accountability on it.

SCIUTTO: Also it gives them nice plausible deniability perhaps on some of these attacks.

LEE: Correct.

SCIUTTO: Before I let you go, once again, we're going to see yet another American administration struggle with the response here. They're going to sit down, they're going to get everybody around a table, they're going to pick maybe some, you know, sanctions and some new security measures and so on. But we have seen that. We saw that under Trump, we saw that under Obama. And the attacks continue both from state and non-state actors.

Again, from your seat, is there something that government is not doing to prevent these either defensively or offensively?

LEE: Yes. So there is a lot of things the government is doing well and engage in the community. There's the recent 100-day action plan focused on energy sector about increasing the visibility of detection of these cyber attacks. That's a great effort.

However, every time these attacks happen, we talk about what is the government doing, what can government do more, why aren't they doing more? And the reality is a lot of this is the responsibility of our companies.

Now, they're victims. We shouldn't blame them for the attacks. However, there is investments that is needed inside these companies both on their enterprise networks as well as their operations networks. Government simply can't scale to trying to make those investments for each and every company.

What the government could do though is being consistent in the messaging out to these community on what that right investment looks like and enabling them to make those investments.

SCIUTTO: Yes. And then, I guess, bottom line is you're only as strong as your weakest link. Rob Lee, great to have you on. Sadly, I'm sure we're going to be talking again about something like this.

LEE: Yes, probably so, but thanks for having me.

SCIUTTO: Well, the pipeline attack underscores the vulnerabilities of a whole host of features of America's infrastructures, and it comes at a crucial time.

HARLOW: President Biden is pushing his infrastructure plan this week. He is meeting with key Democrats and Republican lawmakers. Our White House Correspondent John Harwood is with us. I mean, John, the pipeline is case in point, right, but that's a privately held company.

It's not clear this executive order, the White House is considering would actually cover it. And you've got 85 percent of critical infrastructure in the U.S. owned by private companies. Is that going to alter the discussions the president has this week about what infrastructure looks like going forward?

JOHN HARWOOD, CNN WHITE HOUSE CORRESPONDENT: I think so, Poppy. I think it dramatizes the vulnerability that we are experiencing, that Jim talked about, we have recurrently experienced. And the American jobs plan, which embodies most of the physical infrastructure improvements that the Biden administration is proposing talks about protecting infrastructure against various threats. But the threat that they talk about most often is the threat of climate change and extreme weather events.


Cyber threats are a clear and present danger as well for sure. And you can bet when they are having those negotiations with the bipartisan, bicameral leadership of Congress on Wednesday and the Republicans who are potential compromise partners for Joe Biden on an infrastructure plan on Thursday, you can bet that this is going to be something that gets a much greater emphasis than it has so far.

SCIUTTO: All right. So we're just past 100 days in the Biden administration, but 2024 already coming up and the White House chief of staff, Ron Klain, saying that Joe Biden talking about seeking reelection in 2024 and a rematch. What are you hearing?

HARWOOD: Well, first of all, as you indicated, it is way premature to assume that either Joe Biden or Donald Trump are going to be in this race against one another. But at this stage, since we're playing fantasy football, both sides are trying to position themselves, and you see Donald Trump speaking at Mar-a-Lago, talking about how strong he's going to be, especially if Republicans take back the congress. And Ron Klain, the White House chief of staff, is trying to make clear we're not intimidated by that because we're going to have a scoreboard of the Trump record and the Biden record to compare. Take a listen to Ron Klain.


RON KLAIN, WHITE HOUSE CHIEF OF STAFF: Incumbent presidents are judged on their record. President Trump had a bad record in 2020. Joe Biden is hopefully assembling a powerful record to run on if he runs for re-election in 2024.

UNIDENTIFIED MALE: So that should easier to run against him this time?

KLAIN: I wouldn't want to estimate or underestimate Donald Trump as an opponent if he chooses to run.

(END VIDEO CLIP) HARWOOD: The only thing we can say for sure at this point, guys, is that Donald Trump never reached 50 percent popularity during the presidency. He lost re-election. Joe Biden stands today in the average of polls at about 53 percent, net positive of 13 points. That is not a bad beginning. It's not an overwhelmingly dominant tableau that he presents against potential challengers, but he's in solid shape so far.

HARLOW: Fantasy football on a Monday morning, thanks for playing with us, John Harwood, we appreciate it.

Well, still to come this hour, the fight against vaccine hesitancy, what we're learning about the people who are not yet willing to get a vaccine shot and why it's so challenging to reach them.

SCIUTTO: Plus, Liz Cheney's constituents respond as her House leadership role hangs in the balance. We're going to speak live with a Republican from Wyoming who worked for Cheney for years.

Then later, the winner of the Kentucky Derby now in doubt after failing a drug test. The horse's trainer, he claims a different story.



HARLOW: So far, nearly half the country has gotten at least one dose of a COVID-19 vaccine, but the vaccination rate is slowing by the day. Just a few weeks ago, the U.S. was vaccinated more than 3 million people a day. Today, it's down around 2 million.

SCIUTTO: Not because they can't, just because people are not asking for it, or at least less are.

CNN Senior Political Writer and Analyst Harry Enten joins us now. So, Harry, this new Kaiser Family Foundation poll shows more than a third of U.S. adults not rushing to get the vaccine. I've been watching these numbers closely because it seem like that number was thinning, was shrinking, the hesitant group. Is it now bigger than we might have guessed?

HARRY ENTEN, CNN SENIOR POLITICAL WRITER AND ANALYST: Well, what I would say is, first off, we -- right now, if you look across the polling, you see rather consistent numbers. That is about two-thirds of Americans say they've either gotten the vaccine or they want it as soon as possible.

Then I think you have to breakdown that group hasn't gone into two groups. The wait and see group, which I call the vaccine hesitant group, and then the people who say that they're definitely not going to get the vaccine or only get it if required, that's the vaccine resistant group. That wait and see group, that 15 percent, has been dipping lower and lower and lower and going into the getting a dose or wanting it as soon as possible. But that 19 percent that definitely don't want it has been very consistent. That 20 percent have been vaccine resistant.

The key going forward is that vaccine hesitant group, can we continue to see a drop down that wait and see? And if we can, then we can, in fact, get close to around four-fifths of the population with a vaccine. But right now, that is the work that is cut out for us.

HARLOW: Harry, you also looked into the political breakdown of the wait and see group. And there is an interesting notable shift in that.

ENTEN: Yes. So, look, again, I think a lot of people hear, oh, the vaccine, you know, hesitant group, that is a very, very Republican group. That is not, in fact, the case. That is much more so for the vaccine resistant group. The wait and see group, that vaccine hesitant group, is not overwhelmingly Republican. In fact, according to the latest Kaiser Family Foundation poll, what you see is they're basically split, right?

41 percent say they're Democratic or Democratic-leaning independents, 39 percent say the Republican or Republican-leaning independent. So they're basically split down the middle there, where about half of them are Democrats, half of them are Republicans among those who choose a party.

And this, I think, is important going forward, because I think there's been all this attention saying, you know, we need Donald Trump to address this group. Republicans are the problem. We need this message from Republican leaders to say, get out, your folks need to get vaccinated. But, in fact, I'm not necessarily sure that will work so well because there are a lot of Democrats who are in that group.

SCIUTTO: Other finding in this interesting, nearly half of the people vaccine hesitant either didn't vote, voted third party or wouldn't disclose who they voted for.


What's the significance of that?

ENTEN: The significance to me is pretty simple, right? If we treat this like a political campaign where we're trying to get people to get out and vote with traditional messages, we will lose. We need to treat this much more differently. There are a lot of people who don't vote nearly 50 percent in that vaccine hesitant group say they, in fact, didn't vote or voted for third party. If we just go after the Trump voters, we're going to lose. We need to go after these people who are untraditional folks who we might reach through a normal political campaign.

HARLOW: Thank you, Harry.

SCIUTTO: Harry Enten, always good to have you on breaking it down.

ENTEN: I try my best.

HARLOW: If people could hear you two about the Mets in the commercials, I mean, seriously. SCIUTTO: They don't want to hear it.

ENTEN: It's all bad. No one wants to hear that. That's a negative thing. Monday should be smiles and happiness.

HARLOW: Okay, all rainbows and unicorns. Thanks, gentlemen. Thank you, Harry.

Let's bring in Dr. Amy Compton-Phillips, the chief clinical officer for Providence Health Systems. So, Doctor, let's begin where we just left off with Harry, not on the Mets, but on his point about if you want to sway that wait and see group on a vaccine to get a vaccine, you can't treat it like a political campaign. What should we do?

DR. AMY COMPTON-PHILLIPS, CHIEF CLINICAL OFFICER, PROVIDENCE HEALTH SYSTEM: Well, you know, Dr. Murthy, our surgeon general, had a framework that actually says, vaccine hesitancy can be addressed by three things, confidence, motivation and access.

Confidence is about the data but also about social influence. We now have hundreds of millions of people who have gotten these vaccines. We know they're safe and effective. Now, we need to use social influence to instill confidence.

Motivation is about making sure that there is benefits to getting the vaccine, that we know it protects ourselves and our loved ones, but maybe there actually needs to be benefits so you can get in to see those Mets games because you've got the vaccine and you have prove that you have the vaccine.

And then access, how do we make it easy and simple so they can get them vaccines wherever you are, that they are out into the community. You don't have to go into a mass vaccination site but they're actually local for you and simple and easy to be able to get. And I think we can actually start chipping away at some of that hesitancy.

HARLOW: And also a lot of the critique has been even of the Biden administration, you need to better sell to folks what they get to do when they're fully vaccinated, right? You mentioned the Mets. Our neighbors are huge Mets fans. I ask them, can you grab a package outside of our place, they said, sorry, we're at the Mets game, like they get to do that now. And there is more, eating inside without a mask, with friends, et cetera. Listen to this on that front from Dr. Fauci.


GEORGE STEPHANOPOULOS, ABC NEWS HOST: Former head of the FDA Scott Gottlieb says it's time to start relaxing the indoor mask mandates. Is he right?

DR. ANTHONY FAUCI, DIRECTOR, NATIONAL INSTITUTE OF ALLERGY AND INFECTIOUS DISEASES: No, I think so. And I think you're going to probably seeing that as we go along and as more people get vaccinated. The CDC will be, you know, almost in real-time, George, updating their recommendations and their guidelines. But, yes, we do need to start being more liberal as we get more people vaccinated.


HARLOW: Would you nudge the CDC in that more liberal arena in terms of guidance?

COMPTON-PHILLIPS: I do think there needs to be benefits for people who have been vaccinated, and that means having businesses be allowed to say, if you are vaccinated, you get to not wear a mask when you come on to our site, or you get to come on to our site. I know that's what some of the cruise lines are doing now, that you have to have proof of vaccination to be able to take a cruise.

And those kinds of benefits are really good. As we were joking around our family this weekend, we think there needs to be a contest that the state with the highest vaccination rates gets 10 percent off their taxes next year, you know, something --

HARLOW: Yes, sure. I mean, that's quite incentive. There is, you talk about states though. There are a handful of states that are actually seeing the federal government this morning, no, send us less vaccine. States including Wisconsin, Illinois, Iowa, because they don't need it, right? Should these numbers concern us?

COMPTON-PHILLIPS: Well, they should. You know, there are other countries that are a little ahead of us in the vaccine rates. Take (INAUDIBLE), for example, and they had a very high vaccination rate, over 60 percent of their population, which is significantly higher of the adults then were vaccinated, and they are having an outbreak. Because it turns out that if you don't get to herd immunity, the vaccine can take hold in a community.

And around the globe, we're not going to have COVID under control for a while. So if we don't get to herd immunity here in the U.S., travelers from abroad are going to come and we're going to continue to have hot spots and outbreaks as we go along.

Herd immunity is really important, which means we need to get all adults vaccinated. And as soon as we can, kids up to the -- over the age of 12, as soon as that's approved.

HARLOW: Maybe by this next or later this week. Dr. Amy Compton- Phillips, thank you so much. Jim?

SCIUTTO: Coming up next, new chapter in the Republican family feud, if you want to call that, House Minority Leader Kevin McCarthy chosen sides.


Can the party settle its differences and unite? It doesn't look like it.


HARLOW: The House GOP rift could come to a head in a vote as soon as this Wednesday. It is now looking more likely that the number three in Republican leadership in the House, Liz Cheney will lose that seat.


SCIUTTO: This as the number one House Republican and leadership, at least, Kevin McCarthy has publicly endorsed her replacement.