Last week the Department of Justice announced an indictment against an individual who damaged a computer system within the Water Treatment Facility in Discovery Bay, California, creating a threat against public health and safety. The individual worked for Company A, which “contracted with Discovery Bay to operate the town’s wastewater treatment facility.”
This case contains the hallmarks of an insider threat security incident:
- Hired for a specific role: The individual’s responsibilities included “‘Instrumentation and Control Tech,’ with responsibility for maintaining the instrumentation and the computer systems used to control the electromechanical processes of the facility in Discovery Bay.”
- Had access: While the individual was employed, he “installed software on his own personal computer and on Company A’s private internal network that allowed him to gain remote access to Discovery Bay’s Water Treatment facility computer network.”
- Resigned, then allegedly attempted to tamper with the water treatment system: He “allegedly accessed the facility’s computer system remotely and transmitted a command to uninstall software that was the main hub of the facility’s computer network and that protected the entire water treatment system, including water pressure, filtration, and chemical levels.”
More details on the case can be found in the court documents available for download here.
Security is fundamentally delivered through cooperation and teamwork. That cooperation is maintained by processes, toolsets, oversight, and practice as a team. For every insider threat incident that is made public, there are 10x or more that aren’t, and each one represents monumental cooperation between security practitioners, investigators, and law enforcement.
If your organization seeks to instill good cooperation, Forcepoint brings 20+ years of experience in structuring insider threat programs to the table, including protecting the power grid with a Fortune 500 Renewable Energy company. Let us know how we can help.