Lankford Questions Colonial CEO on Cyber Attack
The top executive of Colonial Pipeline told Senator James Lankford and others on a Senate committee hearing that the hackers behind a cyber-attack that disrupted U.S. fuel supplies last month were able to get into the company’s computer system by stealing a single password.
During a hearing conducted by the Senate Homeland Security Committee, Colonial Pipeline Chief Executive Officer Joseph Blount explained the attack happened using a legacy Virtual Private Network, or VPN, system which did not have multifactor authentication.
Lankford’s questions focused on what information can be passed on to other companies so they can address their own vulnerabilities and prevent cyber-attacks on their systems.
“What else has been identified that you need to be able to take on and to pass on to others?” Lankford asked.
“Again, I think the most important thing is to not be complacent about what you have because of the pace of change on the outside from the criminal side, and then secondary to that, and equally as important is the ability to have an emergency response process in place,” Blount replied. “If we had not been trained for the last 57 years to respond to any threat, whatever that threat is. It’s an extension cord on the ground that hasn’t been taped down that someone might trip over and hurt themselves. If we hadn’t been trained like that and our employees hadn’t been trained by that, who knows how many days it would have taken to bring the asset back online?”
Also during the hearing, Blount said the company paid the $5 million ransom just one day after Russian-based cybercriminals hacked the firm’s network.
The company learned of the hack at 5 a.m. on May 7 when an employee discovered the ransom note on the company’s shared internal drive. Blount said by 5:55 a.m. the firm started shutting down its pipeline and by 6:10 a.m. all 5,500 miles were shut down.