6:00
News Story

Colonial Pipeline CEO: ‘One of the toughest decisions I have had to make’ to pay a $4.4M ransom
By Ariana Figueroa
The CEO of Colonial Pipeline, which underwent a ransomware attack in early May that led to massive shutdowns of gas stations across the Southeast, said during a U.S. Senate hearing on Tuesday that it was his decision to pay a ransom to restore the company’s operations.
“It was one of the toughest decisions I have had to make in my life,” Joseph A. Blount Jr. said in his opening statement. “But I believe that restoring critical infrastructure as quickly as possible, in this situation, was the right thing to do for the country.”
The six-day shutdown led to panic-buying of gas, and many stations, particularly in North Carolina, ran out of fuel.
Georgia-based Colonial Pipeline paid the $4.4 million ransom to hackers, part of a cybercriminal group called DarkSide, in order to obtain a key to unlock their pipelines. The attack sparked new calls to beef up protection of the nation’s energy infrastructure.
Senate Homeland Security & Governmental Affairs Committee Chairman Gary Peters said in his opening statement that the “federal government must develop a comprehensive, all-of-government approach to not only defend against cyberattacks, but punish foreign adversaries who continue to perpetuate them or harbor criminal organizations that target American systems.”
Peters, a Michigan Democrat, then asked Blount how the federal government could help companies defend themselves from cyberattacks. Blount replied that the federal government should designate a person of contact to help private companies that are being targeted.
“Private industry alone can’t do everything on their own,” Blount, who was the only witness, said during his testimony.
Blount testified before the committee about his company’s coordination with the Cybersecurity and Infrastructure Security Agency, also known as CISA.
CISA is a standalone federal agency that operates under Department of Homeland Security oversight. It works with various agencies and private partners to evaluate cybersecurity threats and vulnerabilities and provides assessments to help safeguard those networks.
Blount said that Colonial Pipeline did not reach out to CISA, but first asked for assistance from the FBI on May 7, the day of the attack, and that the FBI coordinated a meeting that included CISA.
The top Republican on the committee, Sen. Rob Portman of Ohio, questioned Blount’s decision to pay the ransom and asked if he consulted with the FBI before he did.
“I know their position is that they don’t encourage you to pay ransoms,” Blount said, adding that even after the ransom was paid it will still take the company months to get back to fully functional operations before the attack.
Portman also pressed Blount as to how the company was hacked, and asked if Colonial Pipeline had a system for multi-password authentication, rather than a single password.
“There’s also news reports as to how this all happened,” Portman said. “There was a compromising password of a virtual private network, or VPN, account and this account apparently did not use multifactor authentication, which is kinda just a basic cyber security hygiene item that, you know, companies should have in place.”
Blount said that the VPN had only single-factor authentication, but that “it was a complicated password, so I want to be clear on that.”
He added that the company’s investigation on how the password was compromised is still ongoing.
Sen. Ron Johnson, a Wisconsin Republican, asked how much worse would it have been for the company if it had not paid the ransom.
“That’s an unknown that we don’t want to know,” Blount said. “It took us from Friday to Wednesday the following (week) and we already saw pandemonium.”
Sen. Maggie Hassan, a New Hampshire Democrat, asked how often Colonial Pipelines prepares for possible cyberattacks and if the company has a guidance plan for a ransomware attack.
Blount said that while Colonial Pipelines has participated in drills ahead of a possible attack, the company does not have guidance on what to do in case of a ransomware attack.
“This is an issue that I think we’re seeing across the board on cyber, we need to start imagining what can happen and respond accordingly as opposed to always looking at what the last problem was,” Hassan said.
Blount will also testify Wednesday before the House Homeland Security Committee about the ransomware attack on Colonial Pipeline.
===
Earmarks list for states in U.S. House infrastructure bill tops $5.7B
By Laura Olson
U.S. House Democrats’ highway funding bill is poised to include roughly three out of five transportation projects submitted by members, as legislators vie for their share of federal dollars through the resurrected congressional earmarks process.
The 1,473 projects that made the cut were out of 2,383 that Democratic and Republican legislators requested for inclusion in a federal infrastructure bill, at a time when infrastructure is the subject of prolonged, high-profile negotiations between the White House and Republicans in Congress.
The earmarks list — detailed in an amendment to five-year, $547 billion surface transportation reauthorization bill that the House Transportation and Infrastructure Committee will take up on Wednesday — has a price tag of $5.7 billion. That’s about 40% of the nearly $14.9 billion that was requested for member-designated projects.
If the bill is passed, districts represented by Democrats would receive the largest share of those dollars. Nearly $4 billion is designated for projects requested by Democrats, and $1.7 billion is for Republican-backed projects.
Republicans requested money for far fewer projects than Democrats did, and some Republicans didn’t request any earmarked funding at all.
The list approved for North Carolina, which responds to requests from lawmakers of both parties, can be viewed by clicking here and going to pages 127-129.
Montana’s sole House member, Republican Rep. Matt Rosendale, did not request any project spending, so the state would not receive any dollars from that portion of the bill.
Among Republicans, roughly 400 of the 600 projects they sought were included. Of the 1,778 projects that Democrats sought, the proposal includes 1,067.
Some lawmakers saw each of their proposals included in the measure. The 11 Nevada requests for roadway repairs, bridge projects, and zero-emission buses all made the cut.
Others were granted part of what they submitted.
Rep. Garret Graves — the Louisiana Republican who had the most-expensive request with his submission for a new bridge for Baton Rouge — was successful in getting $8 million for pre-engineering design work and $1.6 million for an environmental evaluation included in the bill.
However, the $946 million that Graves sought for actually building that bridge was not included.
The return of earmarks
Congressional Democrats brought back the earmarks process this year, after Republicans banished it in 2011 following intense public criticism of corruption and a lack of fairness.
If the pending highway bill were to become law, it would be the first since 2005 to include earmarks, according to the Eno Center for Transportation.
New guidelines intended to make earmarks more fair and more visible require lawmakers to post documentation for each project on their websites, with a letter attesting that they have no financial stake in the project.
The text of the pending amendment doesn’t specify which lawmaker requested money for an individual project. But members can be identified by sorting through the list of project requests on the House Transportation panel’s website.
Across States Newsroom’s 22 states, lawmakers took varying approaches to the number of projects they submitted and the cost of those projects.
Some turned in targeted lists totaling close to the $20 million that House lawmakers were advised could flow back to each district if a new surface transportation bill is signed into law. Others asked for dozens of projects at costs that far exceeded that figure.
Wisconsin, Tennessee and Missouri, where lawmakers generally submitted project lists with a cost close to that figure, had among the highest percentages of their requests included.
Pennsylvania Rep. Susan Wild, a Democrat, submitted four projects tallying exactly $20 million. All four of those proposals for road work and bridge replacements were selected.
On the other end of the spectrum, Maryland’s eight House members sought funding for nearly 100 projects, at an average cost of more than $100 million per district. Just 20 of those Maryland projects were included in the bill.
“It certainly was not an easy nor quick task for our committee to vet thousands of submissions,” Rep. Peter DeFazio, (D-Ore.), chairman of the House Transportation and Infrastructure Committee, said in a statement. “But it was absolutely worth it to give elected representatives the chance to directly advocate on behalf of their districts in our surface transportation bill.”
Haggling over a price tag
As the House-drafted highway bill heads to the next step in the legislative process, there’s no guarantee that any of the projects ultimately will get funded and built.
President Joe Biden and congressional Republicans have been negotiating for weeks over the price tag of a bill to pay for building and repairing scores of aging and failing highways, bridges and transit systems.
It’s unclear if they’ll be able to reach a consensus, and if not, if Democrats will be able to push through a major transportation bill without GOP support.
In the meantime, congressional Democrats are attempting to continue moving forward on infrastructure. The Senate Environment and Public Works Committee advanced a surface transportation bill last month.
House Speaker Nancy Pelosi, (D-Calif.), has said she wants an infrastructure measure to come to the floor before July Fourth. Senate Majority Leader Chuck Schumer, (D-N.Y.), has said his chamber will also take up transportation legislation next month.
Our stories may be republished online or in print under Creative Commons license CC BY-NC-ND 4.0. We ask that you edit only for style or to shorten, provide proper attribution and link to our web site. Please see our republishing guidelines for use of photos and graphics.