Colonial Pipeline CEO tells Senate cyber defenses were compromised ahead of hack

Joseph Blount, JR., President and Chief Executive Officer, Colonial Pipeline is sworn in as he attends a hearing to examine threats to critical infrastructure, focusing on examining the Colonial Pipeline cyber attack at the U.S. Capitol in Washington, U.S., June 8, 2021. Andrew Caballero-Reynolds/Pool via REUTERS

By Stephanie Kelly and Jessica Resnick-Ault

NEW YORK (Reuters) -Colonial Pipeline Chief Executive Joseph Blount told a U.S. Senate committee on Tuesday that the company’s cyber defenses were in place, but were compromised ahead of an attack last month.

The hearing was convened to examine threats to critical infrastructure and the Colonial Pipeline cyber attack that shut the company’s major fuel conduits last month.

The hack, attributed by the FBI to a gang called DarkSide, caused a days-long shutdown that led to a spike in gasoline prices, panic buying and localized fuel shortages. It posed a major political headache for President Joe Biden as the U.S. economy was starting to emerge from the COVID-19 pandemic.

Senators questioned whether Colonial was sufficiently prepared for a ransomware attack and the company’s timeline for responding to the attack. Some suggested Colonial had not sufficiently consulted with the U.S. government before paying the ransom against federal guidelines.

Colonial did not specifically have a plan for a ransomware attack, but did have an emergency response plan, Blount said. The company reached out to the FBI within hours of the cyber attack, he said.

“We take cybersecurity very seriously,” Blount said. Still, he said the attack occurred using a legacy VPN (Virtual Private Network) system that did not have multifactor authentication in place.

He said the system was protected with a complex password. “It wasn’t just Colonial123,” he said.

Blount said he made the decision to pay ransom, made the decision to keep the payment as confidential as possible because of concern for security.

“It was our understanding that the decision was solely ours to make about whether to pay the ransom,” he said.

However, he said even after getting the key, the company is still continuing to recover from the attack and is currently bringing back seven finance systems that have been offline since May 7, he said.

The Justice Department on Monday said it had recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline.

Colonial Pipeline previously had said it paid the hackers nearly $5 million to regain access. The value of the cryptocurrency bitcoin has dropped to below $35,000 in recent weeks after hitting a high of $63,000 in April.

Bitcoin seizures are rare, but authorities have stepped up their expertise in tracking the flow of digital money as ransomware has become a growing national security threat and put a further strain on relations between the United States and Russia, where many of the gangs are based.

(Reporting By Stephanie Kelly and Jessica Resnick-AultEditing by Marguerita Choy)

Leave a Reply