Cybersecurity, Privacy, & AI


Colonial Pipeline CEO Defends Shutdown and Ransom Payment in Congressional Hearing


Colonial Pipeline CEO Joseph Blount told the Senate Homeland Security and Governmental Affairs Committee that his decision following last month’s ransomware attack – to shut down the company’s distribution network and then to secretly pay the $4.3 million ransom demand – was made to “put the interests of the country first” by restoring the flow of fuel for essential uses. “I believe with all my heart it was the right choice to make,” Blount said. He declined to speculate about what would have happened otherwise.

When asked whether TSA should build on the new requirements it has issued since, Blount suggested that established industry standards would be beneficial. Blount also addressed the company’s failure to contact CISA, stating that the FBI – which the company contacted “almost immediately” – had said it would do so, making another contact redundant.

Questioned about how the attackers were able to access the company’s network, Blount explained that its systems were breached through a “legacy VPN” – of which Colonial’s IT staff was unaware – protected only by single-factor authentication, consisting of a strong but compromised password.
