A former employee of the Discovery Bay Water Treatment Facility in California has been indicted by a federal grand jury for intentionally attempting to cause the facility’s security and protection systems to malfunction.
Rambler Gallo, 53, was a full-time employee of a private Massachusetts company contracted by Discovery Bay to operate the city’s water treatment facility. He held a position of “instrumentation and control technician”, which he held between July 2016 and December 2020.
The indictment alleges that Gallo installed remote control software on his employer’s systems as well as his personal computer, which allowed him to monitor instrumentation readings and control electromechanical processes on the facility.
In January 2021, Gallo resigned from his employer and used his home computer to access the facility’s network remotely, deliberately attempting to cause harm.
A US Department of Justice press release says Gallo sent remote commands to water treatment computers to uninstall critical software tools responsible for monitoring water pressure, filtration and product levels chemicals in the water.
It is unclear why Gallo acted in a way that endangered the health and safety of 15,000 residents of the town of Discovery Bay served by the water treatment plant.
The case of R. Gallo highlights the risks associated with poor management of access to critical infrastructure systems, especially in the case of public services that impact entire communities.
A context of poor cybersecurity practices can result in significant damage from disgruntled employees with extended access privileges or hackers.
An example is the Attack of 2021 on the water treatment system in the city of Oldsmar, Florida, where malicious actors attempted to increase the concentration of sodium hydroxide (NaOH), also known as lye and caustic soda , at extremely dangerous levels.
Following this incident, which served as a wake-up call about the associated risks, the US Water and Wastewater Systems (WWS) revealed that ransomware gangs are regularly targeting public facilities nationwide to shut down operations for profit.