Former Employee Charged with Attempting to Sabotage Water Treatment Plant in Discovery Bay
A former employee of a water treatment plant in Discovery Bay, California, has been charged with deliberately attempting to disrupt the facility’s safety and security systems. Rambler Gallo, 53, was employed by a private company in Massachusetts, which, under contract to Discovery Bay, managed and maintained the city’s water treatment plant from July 2016 to December 2020.
Court documents say that after being fired, Gallo attempted to remove important software tools. He had installed remote control software on both his employer’s systems and his PC, which allowed him to remotely monitor instrument readings and control the electromechanical processes at the facility.
Gallo’s Attempt to Sabotage the Water Treatment Plant
In January 2021, Gallo quit his job, after which he used his remote access to the facility’s network to try to sabotage the water treatment systems. The U.S. Department of Justice says Gallo deliberately sent remote commands to the water treatment plant’s computers in an attempt to remove critical software that controls pressure, filtration and chemical levels in the water.
Gallo’s actions endangered the health and safety of 15,000 residents of the city of Discovery Bay, which was served by a water treatment plant. If found guilty, he faces a maximum sentence of 10 years in prison and a $250,000 fine.
Risks of Cybersecurity Breaches in Critical Infrastructure Systems
Experts note that this case only highlights the risks associated with managing access to critical infrastructure systems (especially when it comes to the idea of utilities on which the local population depends). Incorrect cybersecurity practices in this area can lead to significant damage, which can be provoked by both the actions of disgruntled employees with too wide access, and attacks by hackers.
In 2021, 22-year-old Kansas resident Wyatt Travnichek was accused of hacking into the local water utility systems. Authorities reported that Trawniczek hacked into the network of Rural Water District No. 1 in Ellsworth and “performed activities that stopped processes at the facility and affected [water] purification and disinfection procedures in order to cause harm.” At the same time, as in the case of Rambler Gallo, before the attack on the water treatment systems, Travnichek worked at this very water utility, and quit shortly before the incident.
The case of Rambler Gallo and Wyatt Travnichek serves as a reminder of the importance of proper cybersecurity practices in critical infrastructure systems. It is essential to ensure that access to such systems is properly managed and monitored, and that disgruntled employees are not able to cause harm.