ABSTRACT

Cyber Threats in the Pipeline: Using Lessons from the Colonial Ransomware Attack to Defend Critical Infrastructure, Hearing Before the Committee on Homeland Security, House of Representatives, One Hundred Seventeenth Congress, First Session, June 9, 2021   [open pdf - 296KB]

This is the June 9, 2021 hearing on "Cyber Threats in the Pipeline: Using Lessons from the Colonial Ransomware Attack to Defend Critical Infrastructure," held before the House Committee on Homeland Security. From the opening statement of Bennie G. Thompson: "Last month, malicious hackers infiltrated Colonial Pipeline's network and infected its IT [Information Technology] systems with ransomware. For nearly a week, 5,500 miles of pipeline supplying 45 percent of the fuel on the East Coast was shut down, and panic buying resulted in fuel shortages in the Southeast. Since pipeline service was restored, we have learned more about what happened. We know hackers exploited an unprotected VPN [Virtual Private Network] account that was no longer in use to gain access to Colonial Pipeline's network. We know Colonial Pipeline paid the ransom demand and the FBI has since recovered most of it. We know Colonial Pipeline is hardly alone. [...] Today, our goal is to examine the cybersecurity practices in place at Colonial prior to the May 2021 ransomware attack, and assess whether other critical infrastructure operators might be similarly situated and vulnerable." Statements, letters, and materials submitted for the record include those of the following: Joseph Blount, and Charles Carmakal.

Report Number:
Serial No. 117-15
Publisher:
Date:
2021
Copyright:
Public Domain
Retrieved From:
U.S. Government Publishing Office: http://www.gpo.gov/
Format:
pdf
Media Type:
application/pdf
URL:
Help with citations