
Colonial Pipeline CEO grilled over ransomware attack


Colonial Pipeline President and CEO Joseph Blount was grilled by lawmakers Tuesday on his decision to pay hackers in a ransomware attack that forced a temporary shutdown of operations — and led to gas shortages in parts of the country.

During a sometimes-tense Senate Homeland Security and Governmental Affairs Committee hearing, Blount indicated that the company did not consult with the FBI and other agencies before it paid the equivalent of $4.4 million in bitcoin to regain control of its systems. 

“It was our understanding that the decision was solely ours as a private company to make the decision about whether to pay or not to pay,” Blount said in response to a question from Sen. Gary Peters (D-Mich.), the panel’s chairman.

“Considering the consequences of potentially not bringing the pipeline back on as quickly as I possibly could, I chose the option to make the ransom payment,” he said.

Blount apologized for the impact of the attack but stressed that he had no regrets.

“I believe with all my heart it was the right choice to make,” Blount testified. 

Colonial provides 45 percent of the East Coast’s fuel. Shortages were seen in several states for more than a week following the shutdown. 

Blount’s testimony came a day after Justice Department officials announced that they had recovered the majority of the ransom paid by Colonial to the DarkSide ransomware group.

Senators on both sides of the aisle criticized Blount, pointing out that the FBI and other agencies recommend against paying a ransom as it can encourage criminals to carry out future attacks and the funds could be used for criminal activities. 

“I am glad your company was able to recover from this malicious attack and that the FBI was able to recover millions of dollars in ransom paid, but I am alarmed that this breach ever occurred in the first place, and that communities from Texas to New York suffered as a result,” Peters said.

Committee ranking member Rob Portman (R-Ohio) asked Blount whether the DarkSide hackers were on the Treasury Department’s sanctions list. Blount insisted that legal representatives had repeatedly checked the list before paying a ransom.

“This is about looking forward, how do we avoid the situation where sanctioned individuals or entities are getting a ransomware payment, which is a violation of federal law,” Portman warned. 

This criticism was compounded by new details on Colonial’s security revealed Tuesday. Blount testified that multifactor authentication was not used to secure the account suspected to have been exploited by hackers to gain access to company systems and that there was no plan in place to respond specifically to a ransomware attack. 

“My concern is how unprepared Colonial Pipeline was,” Sen. Maggie Hassan (D-N.H.) told reporters following the hearing. “I have small school districts in New Hampshire that are more prepared than Colonial Pipeline appeared to be, and that’s really concerning.”

“When critical infrastructure is run by a private entity there need to be some rules and some frameworks to make sure that the interests of the American people are served,” she added. 

Blount stressed that Colonial had learned from the attack and was pouring resources into cybersecurity, including periodic system penetration tests and security audits.

“The safety and security of the system is highly critical. We have never had our board deny us any funds associated with safety and security, whether it’s with the IT or the physical side of the pipe,” he testified. “If my CIO wants funds, she gets it.”

Blount received a number of tough questions from Democrats, while his reception from Republicans was mixed. Some GOP senators emphasized that Colonial was a target, while others pressed him for information on cybersecurity. 

“I want to start out by again emphasizing … that you were the victim of a crime. You’re not the bad guy here,” said Sen. Ron Johnson (R-Wis.).

Meanwhile, Sen. Josh Hawley (R-Mo.) sought to contrast the company’s dividends given to investors with its spending on cybersecurity.

In response to his question on how much the company was spending on cybersecurity, Blount said it had spent more than $200 million on its IT systems over the last five years, although it’s not clear how much of that spending was specifically for cybersecurity. 

“What are you doing in terms of your investment for cybersecurity? I know you’re paying your investors well,” Hawley said. 

During the line of questioning, Blount said that the company’s owners include Koch Industries and a division of Shell. 

After the pipeline’s shutdown, a peak of more than 16,000 gas stations were without gas, according to tracking website GasBuddy, and there were points where more than half of gas stations were out of fuel in several Southern states. 

Analysts largely linked the outages to panic-buying and hoarding that followed reports of the shutdown, rather than the shutdown itself. 

The attack on Colonial came amid a growing number of cyberattacks that have hit hospitals, health care groups and schools. 

Ransomware attacks have become a particular concern, and over the past month targets have included food processor JBS USA and a major ferry operator in Massachusetts.

The Biden administration has taken notice, with the Justice Department standing up a ransomware task force in April to address the incidents and the Department of Homeland Security making ransomware a priority issue. 

President Biden is set to address the issue with Russian President Vladimir Putin later this month at an in-person summit, as both the attacks on Colonial and JBS were linked by the FBI to criminal groups based in Russia. The nation was also sanctioned by Biden for the government’s alleged involvement in carrying out the SolarWinds hack last year, which compromised nine federal agencies.

Capitol Hill is continuing to zero in on concerns with ransomware, with Blount set to testify again Wednesday on the Colonial ransomware attack before the House Homeland Security Committee. 

Peters told reporters Tuesday that his committee is working on “comprehensive legislation” to address ransomware attacks and other cyber threats. He stressed at the hearing the need to get a handle on the threat and to prevent disruption to daily life.

“I think every member on this committee agrees that this committee will focus our collective attention and resources on dealing with this problem,” Peters testified. “Cyberattacks used to be merely an inconvenience. We now know they are becoming attacks on our very way of life.”




