Colonial Pipeline boss 'deeply sorry' for cyber attack

  • Published
Joseph BlountImage source, Getty Images
Image caption,
Joseph Blount said the decision to pay a ransom to hackers was the "hardest" in his 39 years in the energy industry.

The boss of Colonial Pipeline has apologised after a cyber attack took the US fuel pipeline offline last month, causing major disruption.

Joseph Blount said: "We are deeply sorry for the impact that this attack had."

Mr Blount also told Senators the decision to pay a $4.4m (£3.1m) ransom to hackers in Bitcoin was the "hardest decision" in his career.

The President and chief executive of Colonial Pipeline said in front of the Senate Homeland Security and Governmental Affairs Committee that he was also "heartened by the resilience of our country and our company".

Cyber criminal gang DarkSide - which US authorities said operates from eastern Europe and possibly Russia - infiltrated the pipeline last month. It carries 45% of the East Coast's supply of diesel, petrol and jet fuel, Colonial Pipeline says.

The attack disrupted supplies for several days causing fuel shortages and queues at pumps in states such as Georgia, North Carolina and South Carolina.

Mr Blount said on Tuesday that the decision to pay the ransom was taken the day after the attack first took place on 7 May.

Media caption,
How did a cyber-attack lead to US petrol queues?

The FBI recommends that companies do not pay criminals over ransomware attacks, in case they invite further hacks in the future.

"I made the decision to pay and I made the decision to keep the information about the payment as confidential as possible," he said.

"I believe with all my heart it was the right choice to make… but I want to respect those who see this issue differently," Mr Blount added.

He told senators that he felt paying the ransom was necessary to bring the pipeline back online as quickly as possible.

Once Colonial made a cryptocurrency payment, the company received a decryption tool so it could unlock the systems compromised by the hackers - although that was not enough to restart systems immediately.

"What a lot of people don't realise is it takes months and months… even years to restore your systems," Mr Blount said.

Although the "critical infrastructure" of the pipeline was back online within days, seven finance systems used by the firm were only restored this week, he said.

Some politicians also questioned the security measures the firm had in place.

Senator Margaret Hassan, of New Hampshire, said: "I don't think it's acceptable to understand the critical nature of your product, but not have the preparation or system in place to protect it as though it's critical infrastructure."

Hackers were able to get into the company's IT systems using a virtual private network (VPN) account, an encrypted internet connection that allowed employees to access its networks remotely.

Mr Blount said this was a "legacy" VPN that was not in use at the time, although it did not have two-step authentication in place.

He said the password that was compromised was not a simplistic "Colonial123-type password".

"We often take a look at our defences, and even though we felt comfortably historically… this threat grows every day and the sophistication of this threat grow every day", he said.