Los Angeles Utility Accused of Cybersecurity Coverup

The Los Angeles Department of Water and Power has been accused of deliberately keeping widespread gaps in its cybersecurity a secret from regulators in a large-scale coverup involving the city's mayor.

The allegations were made by Ardent Cyber Solutions LLC, a company hired by the Department of Water and Power (DWP) in April 2019 to perform cybersecurity work.

In a 10-page claim filed against the city earlier this year, Ardent states that it uncovered an "extremely high number of unpatched vulnerabilities" in the company's "corporate IT network." 

According to Ardent, DWP board president Mel Levine and DWP’s senior executives were informed of the security issues by email on August 12, 2019. But rather than address the issues, Levine, the DWP, and city officials made “false statements and failed to disclose material facts” in a bid to cover them up.

In the claim, Ardent states that city officials and DWP staff "acted to conceal these facts from federal and state regulators, bond rating agencies, purchasers of municipal securities issued by the LADWP and the public at large."

It is further alleged that Los Angeles mayor Eric Garcetti personally ordered the cancellation of Ardent's DWP contract on August 12, 2019, as a “retaliatory measure” after the company alerted officials to the utility's cybersecurity problems. 

The claim, submitted January 10, accuses the city and DWP of breaching the contract with Ardent and failing to pay the cybersecurity company over $3m in fees.  

DWP spokesman Joe Ramallo said the utility “strongly disagrees” with Ardent’s allegations. According to Ramallo, Ardent's contract was axed due to “concern over their continued involvement in critical cyber issues.” 

Ramallo said giving any further details could hurt any investigation into the claim.

“We want to assure our customers and stakeholders that cybersecurity is of the utmost importance to DWP,” Ramallo said. 

“And the appropriate steps have been taken to ensure that our cybersecurity is compliant with all applicable laws and security standards.”

The DWP headquarters were raided by the FBI in August last year as part of a probe into the city's handling of litigation that sprung from the bungled rollout of a new DWP billing system. No one was arrested or charged in connection with the raid.

What’s Hot on Infosecurity Magazine?