June 09, 2021

Senator Hassan Grills Colonial Pipeline CEO on the Company’s Lack of Cyber Preparedness During Committee Hearing

WASHINGTON – In case you missed it, U.S. Senator Maggie Hassan yesterday grilled Colonial Pipeline President and CEO Joseph Blount, Jr. on his company’s cyber preparedness prior to the attack that spurred fuel shortages across the country. In response to Senator Hassan’s questioning, Mr. Blount admitted that Colonial Pipeline did not have a prior plan in place if hackers requested a ransom payment.


See below for coverage highlights:  


NBC News: Colonial CEO: We had no ransomware plan in place

By Kevin Collier


Colonial Pipeline had no specific plan for what to do in the event of a ransomware attack, its CEO said Tuesday.


Testifying before the Senate Homeland Security and Governmental Affairs Committee, CEO Joseph Blount admitted that while his company had some basic cybersecurity plans in place, it had had "no discussion about ransom" before the attack.


His comments come as U.S. institutions and companies are scrambling to guard against a rash of ransomware attacks that have hit everything from schools and hospitals to cities and major industrial players such as Colonial and meat supplier JBS.


Blount's statements drew the ire of some of the senators at the hearing.


"It is a stunning admission that Colonial Pipeline did not have a plan in place if hackers requested a ransom payment," Sen. Maggie Hassan, D-N.H., said in a statement after the hearing. "I’ve talked with small school districts in my state of New Hampshire that are better prepared for cyberattacks than Colonial Pipeline was," she said. […]


The Hill: Colonial Pipeline CEO grilled over ransomware attack

By Maggie Miller and Rachel Frazin


Colonial Pipeline President and CEO Joseph Blount was grilled by lawmakers Tuesday on his decision to pay hackers in a ransomware attack that forced a temporary shutdown of operations — and led to gas shortages in parts of the country. […]


This criticism was compounded by new details on Colonial’s security revealed Tuesday. Blount testified that multifactor authentication was not used to secure the account suspected to have been exploited by hackers to gain access to company systems and that there was no plan in place to respond specifically to a ransomware attack.


“My concern is how unprepared Colonial Pipeline was,” Sen. Maggie Hassan (D-N.H.) told reporters following the hearing. “I have small school districts in New Hampshire that are more prepared than Colonial Pipeline appeared to be, and that’s really concerning.”


“When critical infrastructure is run by a private entity there need to be some rules and some frameworks to make sure that the interests of the American people are served,” she added. […]