Colonial Pipeline names cybersecurity veteran as first CISO

Dive Brief:

Colonial Pipeline tapped veteran cybersecurity leader Adam Tice to serve as the company's first chief information security officer, Colonial announced Tuesday. Tice will oversee the company's information and data security program.
Tice joins Colonial from Silicon Valley Bank, where he led cybersecurity and threat intelligence since February 2021. He previously served as senior vice president at Equifax, where he helped the credit reporting agency recover from its 2017 data breach that exposed the records of 147 million consumers.
Marie Mouchet is retiring as vice president and chief information officer in late April, in a planned transition that was already underway, according to a company spokesperson. Mouchet, who joined Colonial in 2016 after working as CIO at Southern Co., is staying on during the transition as the new CISO is onboarded. The search for a new CIO is already underway.

Dive Insight:

The CISO announcement comes more than nine months after Colonial, the largest fuel supplier in the eastern U.S., was hit by a massive ransomware attack that disrupted pipeline operations for six days. The company paid a $4.4 million ransom in bitcoin to the threat actors, before federal authorities recovered $2.3 million.

Colonial Pipeline named Adam Tice CISO on Tuesday, Feb. 22, 2022.

Colonial Pipeline

The executive hire ushers in a new security chapter for Colonial, as the major fuel supplier recovers from one of the most disruptive cyberattacks in U.S. history. The decision to hire Tice was part of the company's "commitment to elevate security practices across the enterprise," a Colonial spokesperson said via email.

Colonial and Tice are prioritizing physical and cybersecurity, and the company plans to give his team the appropriate resources and personnel to build out the program, the spokesperson said.

Tice will report directly to Colonial president and CEO Joseph Blount on an interim basis while the company's Technology Group is evaluated and structured for organizational effectiveness, the spokesperson said.

Tice will also serve on the company's Cyber Steering Committee where he will "have an open line of communication to the CEO and the board" to make sure the company's leadership will have enough visibility into evolving cybersecurity risks faced by the industry, the spokesperson said.

"Having a security leader on the C-suite and security savvy board members has become a necessity," Katell Thielemann, Gartner Research VP said. "Threats are moving closer and closer to operational and mission-critical environments, and attacks that cripple them directly impact the bottom line."

Colonial was attacked in early May 2021, preceding a wave of major ransomware attacks on critical infrastructure, with meat supplier JBS USA coming under a ransomware attack during the Memorial Day weekend. JBS paid $11 million in ransom.

"As we saw with the various cybersecurity incidents last year, one bad day can cause a ripple effect across the country," Tice said in the announcement.

The Colonial attack, linked to the DarkSide ransomware group, took place when a legacy VPN profile was exploited using stolen credentials, allowing threat actors to enter the company's IT system. The pipeline operations were shut down as a precaution to prevent the hackers from taking control of the company's OT network.

Before working at Equifax, Tice was a manager at Mandiant and previously spent a decade as an analyst, IT security manager and engineer at Lockheed Martin.

"It's a good move for Adam and Colonial," said Charles Carmakal, senior vice president and CTO at Mandiant. "He will help them continue to mature their security program."