US lawmakers criticized Colonial Pipeline’s cybersecurity practices as the company’s chief executive officer faced his second day of questioning on Capitol Hill.

“If your pipeline provides fuel to 45% of the East Coast, why are you only hardening systems after an attack? Why wasn’t it done beforehand?” said John Katko, the Republican congressman from New York and ranking member of the House Homeland Security Committee, which held a hearing on Wednesday on lessons learned from the attack.

The committee hearing with Joseph Blount Jr. came after a ransomware attack early last month forced Colonial to shut down. The attack raised gas prices and caused fuel shortages across the East Coast. Blount paid a 75-Bitcoin ransom to the attackers in order to restart operations, and on Monday, the FBI announced that it had recouped 63.7 Bitcoin of this payment. Because of the declining value of Bitcoin since the ransom was paid, the U.S. seizure in late May amounted to $2.3 million, just over half the $4.4 million paid weeks earlier after the ransom was demanded.

“I hope Colonial will use the recouped money to make necessary improvements to its cybersecurity,” said Bennie Thompson, the Democratic congressman from Mississippi who chairs the committee.

Blount largely restated his comments from the day before, when he appeared before a Senate committee, apologizing for the disruption but defending his company’s response. Under questioning, he said he didn’t discuss paying a ransom with the FBI or other US agencies before making the payment.

Blount told lawmakers that he expected that his company’s cyber insurance would cover the cost of the ransom.

“We will be doing a lot of things differently,” he said. “We’re headed toward a lot more hardening and a lot of different architecture than we had before mainly because we’ve been compromised and we need to change.”