Joseph Blount, the CEO of Georgia-based Colonial Pipeline, will face some tough questions when he appears before a congressional hearing next month.
In an interview published Wednesday in The Wall Street Journal, Blount acknowledged paying $4.4 million to hackers who cyberattacked his company earlier this month. Now, a host of lawmakers are lining up with questions about that decision, particularly since the FBI continues to advise companies not to pay any sort of ransom.
Paying cyber criminals $4.4 million, while freezing out the @FBI and @CISAgov, is not “good for the country.”
— Jim Langevin (@JimLangevin) May 19, 2021
I’ll have some questions about Blount’s judgement when he appears before @HomelandDems in a couple weeks.https://t.co/9P3VjFaakr
Blount said he authorized the ransom payment of $4.4 million because executives were unsure how badly the cyberattack had breached its systems or how long it would take to bring the pipeline back.
“I know that’s a highly controversial decision,” Blount said. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this. But it was the right thing to do for the country.”
The interview is the first time Blount or the company has acknowledged paying the ransom. He also said it will take months and cost the company “tens of millions of dollars” to fully repair the damage and restore all of its business systems.
“It is deeply disappointing that Colonial Pipeline still has not answered questions from Congress about its multi-million dollar ransomware payments to cybercriminal groups in Eastern Europe, despite discussing these payments in the press,” Rep. Carolyn Maloney, D-N.Y., the chairwoman of the House Oversight and Reform Committee, told CyberScoop.
The May 7 cyberattack locked up the company’s computer systems. The hackers didn’t take control of pipeline operations, but the Alpharetta-based company shut it down to prevent malware from affecting industrial control systems.
The Colonial Pipeline stretches from Texas to New Jersey and delivers about 45% of the gasoline consumed on the East Coast. The shutdown has caused shortages at the pumps throughout the South and emptied stations in the Washington, D.C., area.
On Tuesday, Colonial Pipeline was hit with a service interruption that was not the result of ransomware or another cyberattack. However, the company brought its systems back online within a few hours.
Blount told The Wall Street Journal an employee found a ransom note from hackers on a control-room computer on the morning of May 7. President Joe Biden said U.S. officials do not believe the Russian government was involved, but said “we do have strong reason to believe that the criminals who did the attack are living in Russia.”
Much of the U.S. pipeline infrastructure, including Colonial, is privately owned. The chairman of the Federal Energy Regulatory Commission, which oversees interstate pipelines, said this week the U.S. should establish mandatory cybersecurity standards for pipelines similar to those in the electricity sector.
“Simply encouraging pipelines to voluntarily adopt best practices is an inadequate response to the ever-increasing number and sophistication of malevolent cyber actors,” FERC Chairman Richard Glick said.
The ransomware attack should play a role as Congress considers Biden’s $2.3 trillion infrastructure proposal, U.S. Energy Secretary Jennifer Granholm said last week.
About the Author
