The Colonial Pipeline is almost fully back online, and Russians were behind the cyberattack that shut it down late last week, triggering gas shortages and panic-induced buying, President Joe Biden said Thursday.

The pipeline operator, Colonial Pipeline Co., said late Wednesday that it had begun restarting the system but that bringing it back to full and normal operations would take “several days.”

“They should be reaching full operational capacity as we speak,” Biden said at the White House on Thursday. “We will not feel the effects at the pump immediately. This is not like flicking on a light switch.”

Citing an FBI briefing, Biden said the hackers who brought down the pipeline and demanded a financial ransom appear to be in Russia. “We do not believe the Russian government was involved in this attack,” he said. “But we do have strong reason to believe that the criminals who did the attack are living in Russia.”

[Colonial restarts pipeline amid debate over federal role]

While offshoots of the main pipeline have continued to operate since the hack late Friday, the closure sparked a push in Congress to strengthen public works projects, including other pipelines, and prompted a new chorus from the Biden administration to overhaul the country’s infrastructure in the face of natural disasters and man-made ones, namely climate change and cyberthreats.

Reps. Frank Pallone Jr., D-N.J., and Cathy McMorris Rodgers, R-Wash., the chairman and ranking member of the House Energy and Commerce Committee, which has jurisdiction over pipelines, on Wednesday night called for Congress to take up a bipartisan bill from Reps. Bobby L. Rush, D-Ill., and Fred Upton, R-Mich.

“It would directly help DOE respond to physical and cyber threats to our pipeline and LNG facilities, like in the case of Colonial,” their statement about the bill said. “This attack and ongoing outage simply underscore the vulnerabilities we have highlighted, and how crucial it is that Congress act to enhance DOE’s cybersecurity authorities so that an incident like this does not happen again.”

Infrastructure argument

Biden, who is slated to meet Thursday afternoon with Republican senators to discuss his $2 trillion infrastructure proposal, said the plan would address weaknesses that allowed the hack.

“We’ve seen critical infrastructure taken offline by floods, fires, storms and criminal hackers,” he said. “This event has provided an urgent reminder for why we need to harden our infrastructure against all threats, natural and man-made.”

Biden said of the upcoming meeting with GOP senators: “I’m willing to negotiate, but it’s clearer than ever doing nothing is not an option.”

Colonial, which transports gasoline and jet fuel through its pipeline network, paid $5 million to hackers based in Eastern Europe who broke into their system, Bloomberg reported Thursday.

Speaker Nancy Pelosi said Thursday that companies should not pay the ransom when hackers extort them.

“The point is that we don’t want people to think that there’s money in it for them to threaten the security of a critical infrastructure in our country,” she said. “They made their decision.”

Biden demurred when asked about Colonial paying the ransom.

The president last month nominated Chris Inglis to be national cyber director and Jen Easterly to be director of the Cybersecurity and Infrastructure Security Agency, or CISA, housed within the Department of Homeland Security, and urged the Senate to quickly confirm both nominees.

Acting CISA Director Brandon Wales said Thursday that Congress must pass a law requiring private companies that operate critical infrastructure, like pipelines, and other computer networks to notify the U.S. government when they suffer a cyberattack.

Wales said the agency needs “information from victims of cyber incidents so that we can share that information and raise the baseline of cybersecurity.”

“But to do that, we need Congress to take certain actions to require cyber incident notification,” Wales said.

Gopal Ratnam contributed to this report.