A former employee of the Discovery Bay Water Treatment Facility in California was indicted by a federal grand jury for intentionally attempting to cause the facility’s safety and protection systems to malfunction.
Rambler Gallo, 53, was a full-time employee of a private Massachusetts company under contract with Discovery Bay to operate the town’s water treatment facility. He had an “instrumentation and control tech” role, which he fulfilled between July 2016 and December 2020.
The indictment alleges that Gallo had installed remote control software on his employer’s systems and on his personal computer, which enabled him to monitor instrumentation readings and control the electromechanical processes of the facility.
In January 2021, Gallo resigned from his employer and used his personal computer to remotely access the facility’s network, deliberately attempting to cause harm.
A press release from the U.S. Department of Justice says that Gallo sent remote commands to the water treatment facility’s computers to uninstall critical software tools responsible for monitoring water pressure, filtration, and chemical levels in the water.
It is unclear why Gallo acted in a way that endangered the health and safety of the 15,000 residents of Discovery Bay served by the water treatment plant.
The case of R. Gallo underlines the risks associated with improper access management for critical infrastructure systems, especially in the case of public utilities with an impact on entire communities.
Poor cybersecurity practices can lead to significant damage from hackers or from disgruntled employees with extensive access privileges.
One example is the 2021 attack on the water treatment system for the city of Oldsmar, in Florida, where threat actors attempted to increase the concentration of sodium hydroxide (NaOH), also known as lye and caustic soda, to extremely dangerous levels.
In the aftermath of this incident, which served as a wake-up call to the associated risks, the U.S. Water and Wastewater Systems (W.W.S.) revealed that ransomware gangs are regularly targeting public facilities nationwide to interrupt operations for profit.