Colonial Pipeline acted quickly after hack: CEO

The owner of the 2.5mn b/d Colonial Pipeline halted fuel shipments roughly an hour after it discovered a ransomware attack on 7 May and almost immediately informed the FBI of the hack, company chief executive Joseph Blount testified today before the US Senate.

Blount said the company was "deeply sorry" for the effects of last month's five-day pipeline shutdown, which led to fuel shortages and increased prices across the eastern US. But during his first appearance on Capitol Hill since the cyberattack he defended the company's response, including paying $4.4mn to the hacking group DarkSide to obtain a decryption key. The US Justice Department yesterday said it recovered most of that ransom.

"It was the hardest decision I have made in my 39 years in the energy industry," Blount said. "I know how critical our pipeline is to the country, and I put the interests of the country first."

The pipeline hack last month has become one of the most prominent ransomware attacks in the US, with lines at filling stations giving a visible example of the growing threat of cyberattacks. Democrats and Republicans asked if Colonial was underspending on cyber defenses, citing reports that dividend payments to its investors exceeded $670mn in 2018.

"What are you doing in terms of your investment for cybersecurity?" US senator Josh Hawley (R-Missouri) asked. "I know you are paying your investors well."

Blount said that Colonial had spent $200mn over the last 5 years on its "IT systems" but did not say how much of that was focused on cybersecurity. The company believes DarkSide infiltrated its computer systems by using a "compromised" password that gave it access to a legacy virtual private network that was not meant to be in use, Blount said. Cybersecurity experts typically recommend using multi-factor authentication that is more secure.

"It was a complicated password, so I want to be clear on that," Blount said. "It was not a 'Colonial123-type' password."

Some lawmakers appeared sympathetic to Colonial's decision to pay the ransom, which critics have said could give ransomware groups an incentive to target critical energy infrastructure in the future. US senator Ron Jonson (R-Wisconsin) said failure to pay could have extended the duration of the pipeline closure and asked how much "worse" the situation could have become.

"That is an unknown we probably do not want to know," Blount said. "We already started to see pandemonium going on in the markets, people doing unsafe things like filling garbage bags full of gasoline or people fist-fighting in line at the fuel pump."

Blount is scheduled to face another round of questions on the ransomware attack tomorrow, when he testifies before the US House of Representatives Homeland Security Committee.

By Chris Knight