Sunday, 20 June 2021

What are GFH’s Motives for Acquiring KHCB Shares?

لولا اختلاف النظر، لبارت السلع  


 
Summary of key points in this post.

  • 45% premium over market on 13.64% of shares from Shuaa and Goldilocks.

  • Tender offer proposed for remaining 30.95% of shares

  • Favorable Impact on GFH’s Consolidated Shareholders’ Equity


Background

On 6 June GFH announced it had increased its shareholding in KHCB from 55.41% to 69.05% as part of the “Group’s strategy to increase its ownership in KHCB.”

On 7 June GFH provided further details as follows:

With reference to GFH Financial Group’s announcement dated 6th June 2021 pertaining to the subject matter, GFH would like to announce that the increase of ownership in Khaleeji Commercial bank was pursuant to a sale and purchase agreement between GFH along with Shuaa Capital and Goldilocks Investment Company, to acquire their stake of 121,726,795 shares for a total of BD 8,764,329.240 equating to BD 0.072 per share.

On 8 June GFH announced that pursuant to Central Bank of Bahrain requirements regarding takeover and mergers, it had approached KHCB’s Board to make a proposed voluntary takeover offer for the remainder of KHCB’s shares.

Deal Analysis

According to the trading data from the Bahrain Bourse, during the period 4 January through 3 June 2021, the average price of a KHCB share was BD 0.050 (rounded to 3 decimal places). Typically the share trades at roughly 50% of book value.

The BD0.0720 acquisition price represents a 45% premium to the average trading price.

Since the GFH acquisition, the price has increased to just below BD 0.070 perhaps in anticipation of GFH offering the same BD 0.0720 price to remaining shareholders.

Apparently, KHCB is quite a valuable asset.

Though one might not have thought so from the fact that

  • KHCB required an additional BD 60 million in capital to meet CBB requirements

  • GFH had to buy the entire AT1 instrument

Or maybe you read Fitch Ratings comment on KHCB in their reaffirmation of GFH’s B credit rating. (That rating is below investment grade, if you didn’t know)

Following a balance sheet clean-up exercise in recent years KHCB's asset quality has been improving but is still weak and lags higher-rated peers'.

In any case I hope you are confident that the fact that Shuaa and Goldilocks are related parties had no effect on the 45% premium.

That being said, the size of the premium is perhaps perplexing. 

Neither Shuaa nor Goldilocks were inclined to participate in the AT1. That would seem to evidence a lack of faith in KHCB's future.

One might think of them as perhaps motivated sellers of KHCB. 

It is perhaps also difficult to imagine that there were other serious bidders interested in acquiring a minority stake in company where a single shareholder had control.

But then the ways of the market are mysterious and magical. Especially in the land of flying carpets.

Despite the premium, if you look at this earlier post on Goldilocks, you will see that Goldilocks acquired its stake in KHCB from Shuaa for BD0.096 a share. You will also note that KHCB didn’t pay any dividends since Goldilocks’ purchase.

So on this transaction Goldi has a roughly 25% loss from original cost.

No wonder Shuaa doesn’t publish data on Goldilocks’ performance, contrary to previous years.

In the post referenced above I also wondered if Shuaa had held on to its then 3.88% stake.

It certainly appears so because GFH says it bought shares from both Shuaa and Goldilocks and Goldilocks shareholding was 9.76% according to KHCB’s announcement.

Motives for the Transaction

So what is motivating GFH’s acquisition of KHCB?

Only GFH knows for sure but we can explore some possible rationales. 

I've selected two for discussion:

  • Overlooked gem
  • Increase in GFH equity beyond the purchase price

Other possible reasons for the transaction could be “civic duty”, etc. And more than one motive may be operative.

As you read, you can decide for yourself which, if either, is the more compelling one.

Overlooked Gem

The market has fundamentally undervalued KHCB.

The canny folks at GFH are about to get KHCB “on the cheap”.

Thereby reaping rich rewards long into the future.

Accounting Magic

The key drivers of the appeal of this motive are two “facts”:

  • KHCB’s book value per share exceeds the acquisition price

  • GFH uses the book value—not the market or fair value—of KHCB’s assets and liabilities (and thus by the process of subtraction also KHCB’s equity) to prepare its consolidated financials.

As of 1Q 2021 KHCB’ s Book Value was roughly BD 0.160

By acquiring the shares GFH stands to benefit from the difference between book value (BD 0.16) and the purchase price (BD 0.072) and the happy application of rules for consolidated financial statements.

121,726,795 shares at BD 0.088 equals roughly BD 10.7 million or US$ 28.4 million.

Compare that to the BD 8.8 million purchase price. 

A not inconsiderable gain on purchase.

You might well ask:

How can that be? The P/B ratio is well below one. This can’t make economic sense.”

As I’ve posted here before, accounting does not always reflect economic reality.

Here’s how it would work in detail.

Recall that in its consolidated financials GFH records 100% of KHCB’s assets and liabilities in its (GFH”s) balance sheet using the values appearing in KHCB’s balance sheet. Their book values.

Therefore, net assets (equity) are also reflected in GFH’s financials at book values.

As the final step GFH allocates those net assets between shareholders in the Group and Non Controlling Interests (NCI) in the Consolidated Statement of Changes in Shareholders’ Equity based on their respective ownership/voting rights.

With the acquisition of an additional 13.64% in KHCB shares, GFH’s share of the net assets (total assets minus total liabilities) in KHCB will increase.

This increase in equity attributable to shareholders of GFH will be accompanied by a corresponding decline in equity attributable to NCI in GFH's financials.

If its tender offer for the remaining shares is accepted and completed, an additional increase in Group shareholders’ equity will occur.

Depending on the percent take up on the take over offer, the component in NCI related to KHCB may disappear from GFH’s financials.

But there is indeed more!

You will recall (and if you don’t here’s the link to that post) that in connection with its 2020 purchase of KHCB’s AT1, GFH was required to reduce its consolidated equity attributable to shareholders of the Group by US$ 59.9 million in its FY 2020 financials.

The US$ 59.9 million reflects the excess (positive difference) between (a) GFH’s “contribution”--the amount of the AT1-- and (b) GFH’s share of KHCB’s net assets based on its percentage shareholding in KHCB.

Now that GFH owns 69.05% of KHCB, it is entitled to “recover” some of that amount.

Similarly, it will also have to absorb some of the US$ 14.3 million share of issuance costs levied against the NCI in 2020. Perhaps as much as US$ 4.4 million.

We should see the impact of the 13.64% KHCB share acquisition most likely in GFH’s 2Q2021 financials.

Keep your eye on GFH’s financials to see if my prediction comes true and how the related entries are handled.

Are they disclosed separately as in 2020?

Booked directly to equity?

Or perhaps to income?


Saturday, 19 June 2021

She Just Can't Get Any Respect

At Least She Got a Seat in Istanbul
Not Even a Mention in the FT

 

Robert Armstrong had an absolutely brilliant article in Saturday’s FT: Rumpled Boris, Macron's mistake and other G7 sartorial missteps.

But one very glaring flaw.

He failed to mention one of the nine leaders at the summit.

At least President Erdogan had a seat for Ms. Von Leyden, albeit not in the front row.

But a seat nonetheless.

Wednesday, 16 June 2021

Ransomware Prioritize Prevention Then Pursue Prosecution – Part 2

When You're This Far Gone
It's No Wonder You Don't Hear the Wake-Up Call
And a "Sobering Fact" Is Likely to Have No Effect

In Part 1, I outlined (yet again) the above point: hardening the target should be the priority.

In this post, I will hit that downed horse several more times. 

Hopefully demonstrating that with respect to prevention there is quite a bit of low hanging fruit.

Please note that only the first point below directly relates to Mr. Younger’s opinion piece in the FT.  

Russia

Mr. Younger had and perhaps still has access to secret information that makes him better placed than me to make an assessment about the links between ransomware hackers and the Russian Federation.

And as well to draw the conclusion that securing the cooperation of the RF will be a key element in stopping attacks.

His comment may be read to imply that the Russian Government

  • is more capable of controlling crime originating inside its borders than other countries are within theirs (that, I’d note, would be a remarkable achievement), or

  • that there are bonds between the hackers and certain organs of RF state security or

  • perhaps both

In any case, if the hackers were expelled and are motivated by profit, wouldn’t they simply pack up and go elsewhere?

Or in a demonstration of the intense competition in the “free market”, wouldn’t other countries’ enterprising hackers step up to fill the void?

From time to time, countries are “ranked” for the amount of “malevolent” internet traffic they originate.  

Perhaps, these reports may identify potential candidates?  

I didn't include all the countries named. 

You can look at the reports cited below for additional country names.  

One point to keep in mind. 

It’s unclear if these reports are based solely in IP addresses or if there are other metrics.

Like VPNs proxy servers can make one appear to be in a country when one is not. Proxy server chains can create even more difficulty in locating a person or entity.

Matthew 7:7  Just one day after I posted this, Auntie answered.  Still a great deal even at GBP 159 a year!  https://www.bbc.com/news/technology-57504007

According to this report in 4Q2012, the PRC was responsible for 41% of “global attack traffic” on the internet, the US second with 10%, and the RF in fourth place with 4.3%.

According to another report, in 2016 China led the pack with 27.2% of cyber attacks (this is a subset of malicious traffic) the US with 17.12%, Turkey 10.24%, Brazil with 8.6%, and Russia with 5.14%.

According to this report for May 2019, “China, Russia and Ukraine appear to be active in a wide variety of hack attempts, including root kits, ransomware, brute force attacks and a wide variety of malware.”

State Intelligence Operations versus For Profit Criminal Hacking

It’s important to keep this distinction in mind when looking for solutions.

While finance is my provenance, I’d venture to guess that eliminating spying is even harder than eliminating organized crime.

According to what I read in the media, even allies spy on one another.

I’d also venture that countries are not going to allow the extradition of their intelligence operatives to a foreign country. 

What about criminals?

The definition of “criminal” can be tricky—to use a shared finance and legal term --particularly when it comes to matters of state security.

Unauthorized access to state secrets, secret internet or communications systems and physical sites is a crime.

In such a case one might revise the statement about “terrorists” and “freedom fighters” to: 

One country’s cyber spy is another country’s cyber criminal.

So what is to be done?

Prevention may offer a higher prospect of reducing risk than after the fact prosecution. Though prosecution should not be abandoned.

The Sophisticated “Hacker”

There seems to be a general perception that hackers are an incredibly brilliant lot.

Think of an evil twin from a soap opera.

A “rogue” Bill Gates, Linus Torvalds, or Larry Page.

That’s not always the case.

Much of the hacking takes place by the equivalent of opening an unlocked door or open window.

Those tools are fairly simple to program.

And for the lazy available for purchase on the web, or so I am told.

Here is a CISA alert from 6 May of this year.

More sophisticated hacking software is often developed from undisclosed flaws in existing software or systems that the hacker has purchased from someone else clever enough to discover them.

Here’s an article these “flaws” or zero day exploits.

Here’s another on how these sort of exploits were used to hack IOS in February 2020.

And there are other ways.

According to security experts the WannaCry ransomware attack was made possible by using information from some NSA software that Shadow Brokers illegally acquired and then put up for sale.

The Somnolent/Negligent Target

Here’s where we get to the really uncomfortable part – taking responsibility.

Lot of attacks are successful because targets left their doors unlocked and windows open.

WannaCry was facilitated because many users hadn’t upgraded from Windows XP.

As is common practice, after a certain amount of time, software vendors stop “supporting” old software. That includes providing security patches for known vulnerabilities.

You’ll see that same failure mentioned regarding some of the 2018 ransomware attacks in the USA.

Another is failure to install patches and updates that are provided by the vendor. 

That is, perhaps even more egregious. One doesn’t have to plunk down money for a new bit of software, but merely install a “patch” from the vendor.

Pulse Secure VPN appears to be our poster child here.

First, an article from AP about breaches this year.

Here is a CISA alert from 15 April 2020 which is an update from 10 January 2020. 

Take a look at the timeline outlined in this report.

You’ll notice the vendor made its first wake-up call in January 2019. That was followed by several “sobering facts” from a variety of sources.

Both of these incidents may be a salutary caution to those whose mobile phones no longer receive software updates or security patches. Or those who have ignored a message to update their phones.

I’ll upgrade this comment later to “a wake-up call” or “sobering fact" later.

As you will notice from the FT article cited above, WannaCry was described as a “wake-up call”.

That the somnolent didn't and don’t answer.

Perhaps the solution is a louder ring tone? Voice mail?

Not bloody likely! (See picture at the head of this post).

Stricter government requirements and robust penalties for failure to adhere to them are likely to get more attention and responses.

Tuesday, 15 June 2021

Ransomware Prioritize Prevention Then Pursue Prosecution – Part 1

 

Noted Internet Security Expert, B. Franklin
Interesting Fact: 
Colonial Pipeline Earlier Management Ignored His Advice

Alex Younger, former head of the Secret Intelligence Service, penned an opinion piece in Saturday’s FT Ransomware attacks have to be stopped — here’s how.

Some 898 words long. Lots of good advice and interesting points.

However, he had but these 37 words (4%) on what I consider to be one of the key steps to resolving the problem.

It follows that governments can and should do more but not to the point of absolving individuals and firms of their own responsibilities. A surprisingly large amount of this is about getting the cyber security basics right.

The last sentence “names the issue exactly”.

I think this is the major problem.

By way of analogy, let’s assume a town where no one locks their doors, where people leave valuables in plain sight, where it’s common to leave the keys to one’s Maybach in the ignition, and the car in the driveway..

Now we could crackdown on those who buy stolen goods even those in other cities.

We could station a policeman by each house to keep guard.

Or, we could get as many citizens as possible to lock their doors and secure their property.

What this latter step hopefully would do is lessen the opportunity for crime.

And the amount of crime that takes place.

It also lessens the number vulnerable targets that one has to guard.

If we can take the above steps, then resources can be more focused.

Also and perhaps more importantly, with national security issues, one would I hope prefer to prevent an attack over  a successful response to the attack.

Is this the case with ransomware? That doors are unlocked, valuables unsecured?

First, some macro examples from an earlier post.

Two quotes from the FT. Italics mine.

  1. Just a quarter of companies in traditional infrastructure businesses, including oil and gas, utilities and healthcare, were properly braced for an attack, estimated Matias Katz, chief executive of the cyber security group Byos.

  2. The oil and gas sector has been criticised for lax cyber security regulation.

The above points are estimates not facts.

But it should be not only an “overdue wake up call” but also a “sobering fact” even if these are overestimates by a factor of two.

The companies making these estimates are companies selling security products and so may have a profit dog in the fight.

So let’s turn to recent comments by US Secretary of Energy. She is reported to have said that “hackers” could shut down the US energy grid.

Second, some individual examples.

Colonial Pipeline was penetrated through a VPN which was “not intended to be used” but not turned off. That system had single factor authentication.

In February 2020, CISA (Cybersecurity and Infrastructure Security Agency) published an alert on a ransomware attack on an unnamed US pipeline.

That alert mentions some of the same security failures as with Colonial Pipeline.

Lessons learned?

Wake-up calls unanswered?

Sobering facts insufficiently “sobering” to overcome the state of intoxication?

As well, you will note that many of the other failures mentioned in that alert are “basic cybersecurity”. The PC equivalent of locking doors, securing valuables, etc.

You will see this pattern of “rookie” mistakes in many of their alerts

Another study that ranks cybersecurity by country seems to confirm the above.

The US ranks 46th out of 75 countries.

Some caveats:

  1. This isn’t an apples to apples comparison. Rather it is an overall ranking across a broad gauge of metrics not just for ransomware. It includes attack attempts, infection rates on personal devices, etc.

  2. But despite that drawback it does highlight the Willy Sutton Principle: One would expect the USA to be of more interest to hackers than many of the other countries on the list. And so more targeted. And so more in need of defense.

In Part 2, we’ll look at some other issues, not all of which relate directly to Mr. Younger's opinion piece.


Sunday, 13 June 2021

Collateral: Great Expectations vs Sobering Facts

Expectations Often Are Not Fulfilled

 

Ellen Carr has an article in the 10 June FT “Linus from Peanuts has risk lessons for high-yield investors”

Two quotes from that article to set the stage for some additional observations.

When we get the chance to buy bonds with collateral backing them up, we feel, well, more secure.


Secured bondholders anticipate that, if their research fails them and the issuer ends up in bankruptcy court, they are likely to be paid in full before unsecured lenders get a dime.

There is truth in these statements.

But note that in both of the quotes Ms. Carr speaks about “feelings” and “anticipations”.

Sadly these “wishes” don’t always turn into “horses” that bond holders can ride.

Some inconvenient and perhaps even “sobering” facts.

(H/T for the latter phrase to Joseph Blount, President and CEO of Colonial Pipeline).

The nature of the collateral drives its value in a liquidation.

  1. Property, plant, and equipment generally are sold for a fairly low percentage of historic cost in collateral realisation, particularly if they are highly specific to an industry. Or are costly to move.

  2. As you’d expect items nearer to cash have higher sales values, assuming they are liquid in nature and trade in liquid markets.

  3. Holders of collateral in the form of 100% of the shares of capital stock in a subsidiary are effectively junior in legal priority to all other creditors in that subsidiary. Last in the line in the cash waterfall from the subsidiary’s estate.

  4. Such shares are generally less liquid than listed shares.

The nature of the corporate distress drives collateral values in liquidation.

  1. If one company in an industry is failing but the industry itself has reasonable prospects, the sales price of collateral is likely to be more than if the entire industry is tanking.

  2. This will also depend on whether there is existing excess capacity in the industry.

The form of the corporate distress resolution can affect access to collateral.

  1. In a US Chapter 11, one may find one’s position changed under the reorganization plan.

  2. Realisation of collateral can be legally stopped.

  3. The reorg plan may change tenors, rates, and in some cases even the collateral itself.

  4. In that regard DIP financing can create a new and higher priority class of secured creditors.

Laws and transaction structures can affect collateral.

  1. Be sure that you legally have and can enforce your collateral rights.

  2. Be sure the legal structure is sound. Complex structures involving multiple national laws may be fragile. You enforce your collateral rights in the jurisdiction where the collateral "resides".

  3. Read the Offering Memo. The deficiencies outlined in points #1 and #2 above are often clearly spelled out in the Offering Memoranda. (See earlier posts on Golden Belt Sukuk and Peking University Founders Group),

  4. Be sure you will get a fair shake in courts if you have to enforce your rights. For example, you don’t really want to be a foreign lender in Saudi Arabia. (See Al Gosaibi, TIBC, AlAwal Bank, AlSanea. Or Redec for those with long memories or access to the internet.)

  5. Be sure there are no quirks in local law or advantages for well connected individuals. (See Dana Gas posts).

With that as background, let’s take a look at the transactions she mentioned in her article.


What's the Scrap Value of a Cruise Ship?


Royal Caribbean Line: US$ 3.320 billion senior secured notes maturing in 2023 (US$ 1 billion) and 2025 (US$ 2.320 billion)

You’ll find the Indenture here.

Collateral – pages 7-8

Collateral” is defined as:

  1. shares of capital stock in subsidiaries that own the pledged “vessels”

  2. 28 pledged vessels

  3. the Collateral Account and any “Trust Moneys” within

  4. the material trademarks owned by the Issuer and Celebrity Cruises Inc. on the Issue Date, including the Royal Caribbean and Celebrity brand trademarks and (y) all intellectual property rights of the Issuer in and to marketing databases, customer data and customer lists, except to the extent prohibited by contractual obligation existing on the Issue Date or applicable law, rule or regulation.,

You may have read that the book value of the pledged collateral is some US$ 12 billion.

Sounds great!.

That’s roughly four times coverage of the Secured Notes.

But let’s look a bit closer.

First, this collateral is industry specific.

Ask yourself what is the value of cruise related collateral if RCL is failing because it cannot generate sufficient cash to repay its debt.

Then ask how the fact that the cruise industry in general is “facing rough seas” may depress collateral values even more.

A falling tide lowers all boats.

And their related values. And that of their customer lists, trademarks, etc.

Second, note that the US$ 12 billion is based on historic cost.

It’s an old rule of the market that one sells assets at the current market price which may be significantly different than historic cost or book value.

If you are a motivated seller, bidders are more likely to bid low than high. If indeed, they bid at all.

But as they say on late night TV, “but wait there’s more”.

Third, Collateral Cap – pages 8 and 99

That’s not a sartorial accessory for the collateral,

But a way to deal with indentures in existing bonds which limit the amount of “new indebtedness” that RCL can incur.

So what is a collateral cap?

Let’ turn to the Indenture for the legal meaning of this term.

First, the amount of the collateral that is available to the secured creditors solely is limited.

Collateral Cap” means, on the Issue Date, $1,662.0 million, as it may be increased pursuant to Section 4.13.

Second, on page 99 there is an explanation as to what happens to amounts above the “cap”.

In no event shall Collateral Proceeds in excess of the Collateral Cap or any other limitation on the extent of Collateral Proceeds contemplated by the Security Documents be applied in accordance with this Section 6.10, and such excess amounts shall be returned to the Issuer, any Guarantor or any other obligor of the Notes, as their interests may appear, or as a court of competent jurisdiction may direct.

So in the best case the collateral will not repay more than roughly 50% of the outstanding debt.

Any proceeds from the collateral sales over US$ 1.662 billion would go to RCL’s “estate” to be shared by all creditors.

Thus, the secured note holders are not going to be repaid in full before the unsecured creditors get a dime in the event that the collateral needs to be realised.

There’s more.

As is typical the Indenture permits certain liens against the collateral that have legal priority to the secured note holders’ position.

Once one takes possession of collateral like a vessel, one incurs maintenance and costs associated with berthing, including any required crew salaries and expenses, plus insurance until the sale. These out of pocket costs would then represent a deduction from the proceeds of any realisation.


Admittedly An Extreme Case
But Who Is Going to Want to Buy Stores Now?

Macy’s US$ 1.3 billion 8.375% senior secured notes maturing 2025

The notes are secured by first liens/deeds of trust on real estate.

If Macy’s hits the wall to use a technical financial term, does that perhaps indicate that retail is in real trouble?

I’d argue that it does.

Macy’s is indeed a different “fish” than say Sears or K Mart.

If a name like this is in trouble, then the sector is in trouble.

Who then is the expected buyer of these real estate assets or as we might more realistically call them “empty stores”?

Dollar General? Maybe if the price is a dollar?

What is their value in alternative uses? 

Amazon fulfillment centers? Homeless shelters? Schools?

If you’re interested, Fitch assigned this issue a BB+ rating.

That is below investment grade, a good indication that full repayment is not assured.


Saturday, 12 June 2021

Colonial Pipeline CEO’s 8 June Testimony -- Annotated

 

No Need for an Extensive Hunt
Just Read Below

On June 8th Joseph E. Blount, Jr., President and CEO of Colonial Pipeline testified before the US Senate Committee on Homeland Security and Governmental Affairs.

I have annotated quotes from his prepared statement before the Committee to provide further context and set the stage for a following post on the Committee’s reaction.

Quote 1

Colonial Pipeline is cognizant of the important role we play as critical infrastructure. We recognize our significance to the economic and national security of the United States and know that disruptions in our operations can have serious consequences.


That certainly sounds promising, Colonial acknowledges its “significance to the economic and national security of the United States”.

Based on that we can expect a description of the robust measures that Colonial took to prevent hacking and ransomware attacks.

Quote 2

I recognize that the attackers were able to access our systems. While that never should have happened, it is a sobering fact that we cannot change. 

Indeed it should never have happened.

It is as well a “sobering fact”.

While great philosophers have debated whether a “sobering fact” is more urgent than a “wake-up call”, I think it’s safe to say that they largely agree that for a fact to be “sobering” one must not have been a “sober” state prior thereto.

Quote 3

We take our role in the United States infrastructure system very seriously.

With a previously reported 30%+ net profit margin, very seriously no doubt.

That aside, I guess we’re about to hear about Colonial’s robust preventive measures and the millions spent on cybersecurity.

I’d note that I take my role as a parent very seriously with respect to the safety of my children while traveling in our car.

That means of course that the Prince of Wails is secured in a baby seat and the two other little ones are buckled in before we embark.

Madame Arqala generally rides “shotgun” in these cases. 

And makes ample use of the “phantom” brake and periodic verbal warnings to moderate any perceived excesses in my speed.

Note that those steps are undertaken before not after a crash.

So you’re probably as excited as I am to hear from Joe.

Quote 4

Colonial Pipeline is an accountable organization, and that starts with taking proactive steps to prevent an attack like this from happening again.

It seems that CP’s “accountability” is focused on the future. 

They're looking "forward not backward."

Unspoken is the extent of accountability for pro-actively securing the stable gate before the horses bolt.

That can’t be quite right after all Joe of his statements so far about Colonial’s attitude to protecting critical infrastructure.

There’s got to be more to come.

Quote 5

Although the investigation is ongoing, we believe the attacker exploited a legacy virtual private network (VPN) profile that was not intended to be in use.

Ah, the answer.

When you hear the word “legacy”, you immediately know that its not current management’s failure. 

It’s like the fraternity or college that has to accept an applicant because he’s a “legacy”. Neither can be blamed if the “legacy” doesn’t work out.

Or “legacy” can also mean something unwanted that you inherited, like your Aunt Stella’s collection of glass figurines. Just stick them in a box and forget about them.

With a name like “Colonial” you might well expect that John Murray, Fourth Earl of Dunmore, George Washington, or Alexander Hamilton probably set up the VPN.

Before you rush to blame any of them, let me remind you that internet security was not as advanced then as it is now. 

Also we learn that the system “was not intended” for use.

But it certainly seems that it was  “left on”.

So Colonial’s management is filled with good intentions among other things.

I guess in some quarters that counts for more than “effective actions”.

But that doesn’t mean that Colonial isn’t taking action now.

Quote 6

We have worked with our third-party experts to resolve and remediate this issue; we have shut down the legacy VPN profile, and we have implemented additional layers of protection across our enterprise. We also recently engaged Dragos’ Rob Lee, one of the world’s leading industrial and critical infrastructure and OT security specialists to work alongside Mandiant and assist with the strengthening of our other cyber defenses. We have also retained John Strand from Black Hills Information Security, another leader in the cybersecurity space, who will provide additional support to strengthen our cybersecurity program.


Clearly quite a bit work is being done now—that is to remind you after the hack.

Can we infer from the long list of remedial items that there were widespread and serious security weaknesses pre-hack?

It sure sounds like it.

With this as backdrop, you probably expect that Joe is about to get a quite grilling from the Senators on the Committee.

Let me remind you that “expectations” just like “intentions” don’t always deliver the wished for results.

Once the transcript of the hearing is published we’ll take a closer look.