By Stephanie Kelly and Jessica Resnick-Ault
NEW YORK (Reuters) - The Colonial Pipeline hack last month represents the growing threat from cyberattacks on U.S. infrastructure and the necessity of a comprehensive plan from the government and companies to address such threats, Senators said in a hearing on Tuesday.
A U.S. Senate committee was convened to examine threats to critical infrastructure and the Colonial Pipeline cyberattack that shut key conduits delivering fuel from Gulf Coast refineries to major markets on the East Coast.
Beyond Colonial, meatpacker JBS has faced cyberattacks that impacted U.S. plants, showing the breadth of infrastructure facing cyber threats.
The Colonial hack, attributed by the FBI to a gang called DarkSide, caused a days-long shutdown that led to a spike in gasoline prices, panic buying and localized fuel shortages.
Senators questioned Colonial Pipeline Chief Executive Joseph Blount about whether the company was sufficiently prepared for a ransomware attack and the company’s timeline for responding to the attack. Some suggested Colonial had not sufficiently consulted with the U.S. government before paying the ransom against federal guidelines.
Colonial did not specifically have a plan for a ransomware attack, but did have an emergency response plan, Blount told the committee. The company reached out to the FBI within hours of the cyber attack, he said.
He said the system was protected with a complex password. “It wasn’t just Colonial123,” he said.
Security experts say two-factor authentication, which requires a secondary measure, like a mobile text or hardware token, to confirm an individual password, should be a basic and standard security precaution. Most major companies require two-factor across all internal applications. The use of a single-factor login system, security experts say, is generally viewed as a sign of poor cybersecurity “hygiene.”
Blount said he made the decision to pay ransom, and made the decision to keep the payment as confidential as possible because of concern for security.
“It was our understanding that the decision was solely ours to make about whether to pay the ransom,” he said.
U.S. Deputy Attorney General Lisa Monaco on Friday urged companies to tell federal authorities whether they paid ransom to cyberattackers, saying such information can help investigators.
However, Blount said even after getting the key from the hackers, the company is still continuing to recover from the attack and is currently bringing back seven finance systems that have been offline since May 7.
The Justice Department on Monday said it had recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline.
Colonial Pipeline previously had said it paid the hackers nearly $5 million to regain access. The value of the cryptocurrency bitcoin has dropped to below $35,000 in recent weeks after hitting a high of $63,000 in April.
As a result, the government recovered about 60 of the 75 bitcoin paid, but the value has dropped, falling short of the total dollar amount Colonial paid.
Bitcoin seizures are rare, but authorities have stepped up their expertise in tracking the flow of digital money as ransomware has become a growing national security threat and put a further strain on relations between the United States and Russia, where many of the gangs are based.
(Reporting by Stephanie Kelly and Jessica Resnick-Ault, additional reporting from Christopher Bank; Editing by Marguerita Choy)