The Los Angeles Department of Water and Power (DWP) is in the spotlight after a cybersecurity contractor launched legal action against the utility provider alleging serious shortfalls in the security processes which were hidden from regulators.
Arden Cyber Solutions LLC is the security contractor in question, who has submitted a ten-page claim against the city, alleging that staff were coached into concealing the vulnerabilities from regulators, retaliation and breach of contract when their contract was canceled and the firm remained unpaid for their work.
The claim says that Mayor Eric Garcetti canceled the firm’s contract with the city as a “retaliatory measure” shortly after the organisation alerted city officials to physical and cybersecurity problems in an attempt to hide these inadequacies from regulators that would have in turn taken action against the city and enforced costly counter-measures.
According to the Los Angeles Times “Ardent worked out of Figueroa Plaza, a pair of downtown office towers that house several city agencies. The firm was one of several companies named in an FBI search warrant served at the utility during agents’ raid of city buildings last year.”
“Investigators searched Ardent’s computers on the day of the raid and sought information about any security reviews done by the firm and documents related to DWP’s compliance with industry security stands, according to the sections of the warrant reviewed by The Times and an eyewitness report.”
In the claim, Ardent says that the company was hired by the DWP in April of 2019 as a cybersecurity contractor. The company says that after reviewing the DWT’s “corporate IT network” they concluded that there was an “extremely high number of unpatched vulnerabilities” that needed to be taken care of.
The claim states that senior staff at Ardent alerted Board President of the Department of Water & Power, Mel Levine of these shortcomings in an email on August 12, 2019. Ardent says that it alerted Levine of the fact that city officials were making “false statements and failed to disclose material facts” regarding the security of the utility provider.
The firm says in its claim that City officials and the DWP “acted to conceal these facts from federal and state regulators, bond rating agencies, purchases of municipal securities issued by the LADWP and the public at large.”
Later that day, Ardent’s contract with the Los Angeles Department of Water and Power had been suspended, according to the claim, which also alleges that the DWP had breached its contract by failing to pay $3 million to Ardent.
Joe Ramallo, a spokesman for the DWP says that the department “strongly disagrees” with the allegations, and that the contract was canceled because of “concern over their continued involvement in critical cyber issues.”
“We want to assure our customers and stakeholders that cybersecurity is one of the utmost importance to DWP, and that the appropriate steps have been taken to ensure that our cybersecurity is compliant with all applicable laws and security standards,” Ramallo said.