Colonial Pipeline CEO faces grilling about ransomware attack

The head of Colonial Pipeline faced tough questions from lawmakers Tuesday about the ransomware attack on his company that caused a major disruption in the nation’s fuel supply and a run on gas stations along the East Coast.

Colonial CEO Joseph Blount’s testimony before the Senate Homeland Security Committee comes a day after the Justice Department announced it had recovered millions in ransom the company had paid to hackers.

The ransomware attack affected millions of Americans, Chairman Gary Peters, D-Mich., said to begin the hearing. “The next time and incident like this happens, unfortunately, it could be even worse.

“I’m glad your company continues to recover from this malicious attack, and that the FBI was able to recover, millions of dollars in ransom paid, but I am alarmed that this breach ever occurred in the first place. and that communities from Texas to New York suffered as a result,” Peters said.

“Make no mistake. If we do not step up our cyber-security readiness, the consequences will be severe,” he added.

In his opening statement, Blount addressed the $4.4 million ransom payment, saying it was the “hardest decision” he’s made in his career.

“I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible. It was the hardest decision I’ve made in my 39 years in the energy industry, and I know how critical our pipeline is to the country, and I put the interests of the country first” he said.

“I kept the information closely held because we were concerned about operational safety and security, and we wanted to stay focused on getting a pipeline back up and running. I believe with all my heart. It was the right choice to make, but I want to respect those who see this issue differently,” he added.

Sen. Rob Portman, R-Ohio, pressed Blount on why Colonial Pipeline would pay the ransom when it’s the policy of the FBI not to do so and whether the FBI informed Colonial of that, asking him about his company’s correspondence with the federal government on May 7.

“I was not in that conversation. I can’t confirm or deny that, but I do agree that their position is they don’t encourage the payment of ransom. It is a company decision to make,” he repeated.

“So you knew what their advice was going to be even if they didn’t provide it that day,” Portman followed up.

“Ranking Member Portman, yes sir, we did,” Blount responded.

Colonial transports approximately 45% of all fuel consumed on the East Coast. The company was up and running within days, but the slowdown meant delays still remained in the aftermath of the attack.

In May, the company admitted it paid the ransom in Bitcoin cryptocurrency.

“We needed to do everything in our power to restart the system quickly and safely. The decision was made to pay the ransom,” the company said. “This decision was not made lightly, however, one that had to be made. Tens of millions of Americans rely on Colonial — hospitals, emergency medical services, law enforcement agencies, fire departments, airports, truck drivers and the traveling public. Our focus remains on continued operations to safely deliver refined products to communities we serve.”

The company’s CEO said last month in an interview that he authorized a payment of $4.3 million to the DarkSide group only hours after the company learned of the attack because executives were not sure how long it might take to bring the pipeline back on.

“Today, we turned the tables on DarkSide,” Deputy Attorney General Lisa Monaco said at a Monday news conference. “By going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency, we will continue to use all of our tools, and all of our resources to increase the cost and the consequences of ransomware attacks and other cyber-enabled attacks.”