The CEO of Colonial Pipeline says that paying a ransom to Russian hackers was one of the toughest decisions he has ever made. He answered questions from the Senate Homeland Security Committee.
Lawmakers are looking for solutions in the wake of the ransomware attack that crippled the Colonial Pipeline for nearly a week. CEO Joseph Blount Jr. says that they are still working to repair damaged systems.
According to Blount, “It takes months and months and months and in some cases, what we’ve heard from some other companies that have been impacted, years to restore your systems. Our focus that first week was to restore the critical system that we needed on the IT side in order to safely and securely bring our pipeline system back up.”
Colonial was able to alleviate some of the fuel shortages by operating small portions of the pipelines manually, but Blount says that they lack the workforce to be able to run the full system.
“If you look at the aging workforce now, a lot of those people that did operate Colonial Pipeline and other infrastructure in America, historically, manually, they’re retiring or they’re gone,” he explains. “Fortunately, we still have that last bit of that generation which allowed us to do what we did during this particular event.”
Republican Senator James Lankford says that the Colonial shutdown should encourage more pipeline development to prevent fuel shortages.
“I’ve told a lot of folks what we watched happen with the sudden shutdown of a pipeline is the ‘Ghost of Christmas Future’ for the entire country if we don’t continue to maintain our pipelines, increased capacity of pipelines, if we don’t continue to expand and have a duplication of pipelines in spots to make sure we have redundancy for this,” Sen. Lankford explains.
Blount also shared his advice for other companies.
“If you wind up in a situation like we found ourselves on May 7th, have an emergency response process that allows you to respond quickly and, most importantly, to be extremely transparent in the contact with the authorities, who indeed do have resources that potentially could help you through a very, very difficult process,” he adds.
Chairman Gary Peters wrapped up the hearing saying the Colonial Pipeline experience could form the basis for new cybersecurity mandates for critical infrastructure companies, something Blount seemed open to during the discussion.
Just weeks after the pipeline hack, the world’s largest meat processor was hit.
Ag Secretary Tom Vilsack says that USDA is working with industry leaders and livestock processing plants to update security.
“We have begun a process of educating and working with the industry to let them know the steps that need to be taken that will allow them to shore up their operations. Certainly, JBS learned a few things from this incident. I would say that they have recovered in a relatively quick period of time,” the Secretary stated.
JBS has not said if it paid the ransom. Lawmakers say that the official government position is not to pay.
Related:
Colonial Pipeline confirms it paid $4.4 million to hackers
America’s infrastructure is showing its age
USDA warned weeks prior to JBS hack
JBS hack amplifies need for cattle industry reform