The top executive of Colonial Pipeline told Oklahoma U.S. Sen. James Lankford and others at a Senate committee hearing that hackers who staged a cyber attack last month, disrupting fuel supplies to the U.S. southeast, were able to get into the system by stealing a single password.
During the hearing by the Senate Homeland Security Committee, Colonial Pipeline Chief Executive Joseph Blount explained that the attack was carried out through a legacy virtual private network (VPN) system that did not have multifactor authentication.
Lankford’s questions focused on what information can be passed on to other companies so they can address their own vulnerabilities and prevent cyber-attacks on their systems.
(Lankford: I’ve told a lot of folks, what we watched happen with the sudden shutdown of a pipeline is the ghost of Christmas future for the entire country if we don’t continue to maintain our pipelines, increase capacity of pipelines, if we don’t continue to expand and have a duplication of pipelines in spots to be able to make sure we have redundancy for this. Pipelines are essential to America, and the two and a half million miles of pipelines we have scattered around the country, we lose track of how incredibly important they are.)
(Lankford: What else has been identified that you need to be able to take on and to pass on to others?
Blount: Again, I think the most important thing is to not be complacent about what you have because of the pace of change on the outside from the criminal side, and then secondary to that, and equally as important is the ability to have an emergency response process in place. If we had not been trained for the last 57 years to respond to any threat, whatever that threat is. It’s an extension cord on the ground that hasn’t been taped down that someone might trip over and hurt themselves. If we hadn’t been trained like that and our employees hadn’t been trained by that, who knows how many days it would have taken to bring the asset back online?)
During the hearing, Blount also said the company paid the $5 million ransom just one day after Russia-based cybercriminals hacked the firm’s IT network.
The company learned of the hack at 5 a.m. on May 7 when an employee discovered the ransom note on the company’s shared internal drive. Blount said by 5:55 a.m. the firm started shutting down its pipeline and by 6:10 a.m. all 5,500 miles were shut down.