The CEO of Colonial Pipeline is set to testify to lawmakers next month after a cyberattack caused a six-day shutdown of the pipeline that delivers nearly half of all the diesel and gasoline consumed on the East Coast of the United States.
Joseph Blount, who has run the Colonial Pipeline company for nearly four years, will appear in a virtual hearing before the House Committee on Homeland Security called “Cyber Threats in the Pipeline: Using Lessons from the Colonial Ransomware Attack to Defend Critical Infrastructure” on June 9, committee chairman Rep. Bennie Thompson announced Thursday.
The Colonial Pipeline attack — which the FBI attributed to a criminal gang called DarkSide — was done using a relatively unsophisticated form of ransomware, but it caused gas shortages, price spikes and a rush of consumers heading to the pumps out of fear that the outages would last.
“Congress must have a complete understanding of what happened on Colonial Pipeline’s networks, how it made decisions related to network operations and ransom payments, and how it leveraged support from the Federal government and private sector,” Thompson said in a statement.
Colonial Pipeline said on Saturday that its pipeline system had fully returned to “normal operations” — just over a week after it took itself offline in the wake of the attack. The company initially halted operations because its billing system was compromised in the attack and it was concerned it wouldn’t know how much to bill customers for fuel they received, people briefed on the matter said.
On Wednesday, Blount told The Wall Street Journal that the company paid a $4.4 million ransom to the hackers in order to get the pipeline back up and running quickly. Cybersecurity experts typically caution against making ransom payments because they fund criminal hacking groups (although, in some cases, companies may have few other choices).
In the midst of the shutdown, Biden administration officials privately voiced frustration with what they see as Colonial Pipeline’s weak security protocols and a lack of preparation that could have allowed the ransomware group DarkSide to carry out the attack, officials familiar with the government’s initial investigation into the incident said.
Over the past two weeks, members of the Homeland Security Committee have also met with officials from the Colonial Pipeline company and from government agencies including the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence.
There is growing awareness on Capitol Hill of the need to gird against cyber threats to critical US infrastructure. The Colonial Pipeline attack followed two other major cybersecurity incidents — the Solar Winds breach and the Microsoft Exchange hack — in recent months.
In the days following the Colonial attack, US President Joe Biden signed an executive order aimed at strengthening the government’s cyber defenses.