CHARLOTTE, N.C. (FOX 46) – The top dog for Colonial Pipeline apologized and defended his company’s response to the cyber attack that crippled the East Coast’s fuel supply at a Senate hearing Tuesday.
Joseph Blount’s testimony comes weeks after panic at the pump had more than 70 percent of gas stations shut down in North Carolina.
“We are deeply sorry for the impact that this attack had,” said Blount. “We had cyber defenses but the unfortunate reality is those defenses were compromised.”
Blount said the decision to pay the $4.4 million ransom and keep it secret was one of the hardest he’s ever had to make. The FBI’s position is that ransoms should not be paid because it encourages further hacks.
Federal authorities were able to recover $2.3 million in cryptocurrency given to the international extortion group known as Darkside.
“The attack forced us to make difficult decisions in real-time that no company ever wants to face,” said Blount. “But I am proud of the way our people reacted quickly to contain the attack so we could get the pipeline back up and running safely.”
The decision to pay the hackers was made on the first day of the hack, Blount said, adding that the price was negotiated and paid on the second day.
“I know how critical our pipeline is to the country,” he said. “And I put the interest of the country first.”
Blount says Darkside got in through a compromised password from an old virtual private network that did not have two-factor authentication, which the company’s normal VPN uses.
“The legacy VPN profile that was exploited was not intended to be in use,” a company spokesperson said. “It did not have the intended security protocols that are in place on our current VPN profile.”
In the months prior to the attack, Colonial Pipeline posted a job for a “cyber security manager.” It was also dealing with at least a one million gallon fuel leak in Huntersville.
“The cybersecurity position was not created as a result of the recent ransomware attack,” a company spokesperson said. “We have several positions open as part of our longer-term growth strategy around talent, as we are constantly recruiting top-tier talent across all functional areas of our business. The position to support cybersecurity would be an example of that. This is a role that we have been looking to add in an effort to continue building our current cybersecurity team.”
“Did you have a plan for cyber security response that included guidance about ransomware?” asked Sen. Maggie Hassan (D-NH).
“Senator, specifically, no,” said Blount. “No discussion about ransom and action to ransom.”
“I don’t think it’s acceptable to understand the critical nature of your product,” said Hassan, “but then not really have the preparation and the system in place to protect it as if it’s critical infrastructure.”
“Senator, we take cyber security very seriously,” Blount responded.
The company says the hack did not impact spill cleanup efforts in Huntersville.
“Colonial’s product recovery and environmental remediation efforts in Mecklenburg County were not impacted by the cybersecurity attack on our company,” a company spokesperson said. “The most important aspect of our response — which is protecting public safety, restoring the natural environment and recovering free product — has been ongoing and remains a 24/7 operation.”
Charlotte cyber security expert Chris Furtick with Fortalice Solutions says the takeaway is to make sure your systems are safeguarded.
“Passwords are technology from long ago but they’re antiquated now,” said Furtick. “Multi-factor [authentication] is the way to go for any type of remote connections. But we also suggest it for folks with email or financial logins.”
Blount says he hired experts to help improve cyber security and there is no indication Darkside could have taken control of the pipeline itself. At least one lawmaker expressed concern that it could be a vulnerability for those who want to cause more than just financial harm.
South Carolina Congressman Ralph Norman will question Blount on Wednesday during the House’s hearing. He says Congress needs assurances that critical networks are hardened to prevent future attacks.
“We have taken cybersecurity seriously, but in the wake of this incident and the evolving nature of the threat landscape, we are fully committed to increasing our efforts,” a Colonial Pipeline spokesperson said. “That’s why we’ve hired an industry leader in Mandiant, as well as Dragos’s Rob Lee, a world-class OT expert, and John Strand from Black Hills Security, another renowned expert in cybersecurity, to not only investigate our incident but to take a holistic assessment of our approach to cybersecurity. The guidance that will be provided from this team of best-in-class experts will drive our focus and the associated investments to strengthen our defenses.”
Rep. Ralph Norman Response
Congressman Ralph Norman (R-SC) sent FOX 46 the following statement. He sits on the House committee that will question Blount on Wednesday.
“Recent cyber-attacks, including the one on Colonial Pipeline last month, should send shockwaves through every corner of our nation. Cybersecurity is a difficult endeavor, and not every attack can be prevented. But organizations that either fail or refuse to prioritize strong cybersecurity efforts – as a matter of critical importance – should not be surprised when they are the next victim. To every extent possible, Congress needs assurances that those networks which affect the lives and safety of Americans are hardened against these types of attacks.”