Monday, February 15, 2021

Delano Boil Water Order Due to Water Plant Hack

This morning’s ‘boil water’ order from the Delano Water Maintenance Department was issued because of a cyberattack on the chlorination system at the City’s Water Treatment Facility on the north side of town, according to George Funderburke, the Director of the DWMD. “A visual check of the scales on the active chlorine tank this morning showed no change in weight since yesterday morning,” Funderburke told reporters; “This indicates that no chlorine had been added to the city’s water in the last 24 hours.”

Funderburke confirmed that the control system used at the facility showed normal operation of the chlorination system and instrumentation at multiple places within the plant showed chlorine levels in the system were within expected values.

A written statement from the DWMD said: “When the tank weighment discrepancy was reported, we immediately did manual water sampling and testing for chlorine and found no chlorine in the water being sent into the city pipes. We immediately began manual operation of the chlorination system with manual testing while the investigation into the incident is underway. We are also making hourly physical weighment checks on the active chlorine tank until the issue is resolved.”

Mayor Arrington Carter told reporters that both the Federal Bureau of Inquiry (FBI) and the Environmental Process Protection Agency (EPPA) had teams en route to the City to investigate the incident. “We do have a team from the CI-SOC on site collecting forensic evidence from the facility control system,” she told reporters: “After last fall’s ransomware attack, we have built a close relationship with General Turgidson’s people and they responded very quickly.”

The Critical Infrastructure Security Operations Center (CI-SOC) has not yet responded to questions about the incident beyond saying that they have a team currently working on site.

Jay Muir, spokesperson for the EPPA, addressing the press conference by video, told reporters: “We take cybersecurity very seriously at the EPPA. After the Oldsmar attack last week, we have begun an internal review of our cybersecurity guidance to water treatment facilities and wastewater treatment facilities. I can tell you that the DWMD did file their risk assessment certification last fall, well ahead of schedule.”

When asked if the EPPA had reviewed the facility’s cybersecurity plan, Muir replied: “Facilities are not required to send a cybersecurity plan to the agency for review. They are only required to certify that they have conducted a facility risk assessment. That assessment does include a review of the cyber risk at the facility.”

Johnathan Quest, spokesperson for the FBI, also participating by video, told reporters that it was too early in the investigation to determine whether there was any connection with the Oldsmar attack. He did say that the FBI had not yet ruled out terrorism as a motive for the attack: “We have no idea who may be responsible, but we are assuming that it was a deliberate attack on the system. We do not know the motivation at this time.”

Funderburke reminded people to boil any water used for personal consumption or hygiene for at least one minute before use. He also reported that chlorine levels in the water from the plant would be higher than normal for up to a week while the City purged the unchlorinated water from city lines. Some people might notice an unusual chlorine odor or taste to the water for a short period of time after that. “Chlorine levels will be well within safe limits, just higher than normal,” he clarified.

CAUTIONARY NOTE: This is a future news story –

Sunday, February 7, 2021

COVID-19 Vaccine Production Shutdown at Four US Facilities

The Federal Drug Administration (FDA) announced this afternoon that production of COVID-19 vaccines had been brought to an abrupt stop at manufacturing facilities for all four types of vaccines that were currently approved for distribution in the United States. Manufacturing processes at all four of the production facilities stopped at 9:00 pm EST last night. An undisclosed number of production batches were effectively ruined when control was lost as the manufacturing control systems monitoring production stopped operating.

Clark Stanley told reporters this morning that there had been no injuries or hazardous chemical releases reported at the facilities affected by the production upsets. “Unfortunately,” Clark said: “there were millions of doses of the various vaccines that were destroyed in the attack. Every batch in production at the time of the stoppage will have to be destroyed; we have no way of knowing what was happening in the reaction vessels when the facilities lost view of the processes.”

The Federal Bureau of Inquiry (FBI) and the National Critical Infrastructure Security Operations Center (CI-SOC) are both investigating the apparent computer attack on these facilities.

General Buck Turgidson (USA Retired) reported via video link from the CI-SOC. “Our initial investigation discloses that each facility received multiple phishing attacks via emails that were sent from FDA accounts. Those emails were sent from FDA servers and directed the receivers to fill out on-line forms that were also housed on FDA servers. Those forms and email accounts were established by attackers during the SolarWinds compromise.”

Dragonfire Cyber is conducting the on-site investigations for CI-SOC. Dade Murphy, CTO for Dragonfire, told reporters at today’s news conference that they were still in the early stages of the investigation. “We have determined that there is very little in common in the control systems used at the four facilities. We are beginning to suspect that the vulnerability exploited in this attack may be in one of the subcomponents that are used in multiple systems; maybe a DLL vulnerability.”

FBI cyber investigation teams are looking at the affected servers at the FDA regional office in Denver. Johnathan Quest confirmed what was reported by Turgidson. “Our teams have found the email account and the compromised forms on one of the servers in the Denver office. The email account has been active since January of last year. There has been a great deal of information requested and received from vaccine manufacturers by the account since it was established. Copies of all of that communication had been forwarded to command-and-control servers associated with the SolarWinds compromise that had only been identified in the last two weeks.”

Clark closed out today’s news conference by confirming that the FDA had ordered all vaccine manufacturing at the affected control systems could be cured of their current infections.

CAUTIONARY NOTE: This is a future news story –

Refinery Manager Charged in Drone Takedown

William Matthew Byrne Sr., US District Attorney, announced today that the manager of the Ravard Refinery in Inglewood was arrested on federal charges of interfering with the flight of an aircraft in relation to last week’s intercept of a drone flying over the refinery. John Muir, the refinery manager, was arrested at his home early this morning and will be arraigned tomorrow morning on the charges.

Francis C. Whelan, the attorney representing Muir, told reporters outside the Edward R. Roybal Federal Building that Byrne was overstepping his authority in ordering the arrest of Muir and was pandering to the environmental organizations that were endangering the community by flying drones over the refinery.

“For the last six months there have been daily flights of moderate-sized unmanned aerial vehicles over the property owned by Ravard Refinery,” Whelan said; “The potential exists for these remotely controlled aircraft to cause catastrophic damage to the refinery. We have repeatedly asked Byrne to take action against the operators and he has refused to do so.”

Byrne admitted that he had been approached by the refinery about the drone complaints but said: “The drone operator was not violating any federal laws. Congress has authorized the FAA to put into place regulations allowing critical infrastructure facilities like the refinery to be declared ‘no fly zones’, but the agency has not taken any action on that authority.”

Cora Smith, the Director of Save Inglewood Now, admitted to this reporter that her organization had been responsible for flying the drone over the refinery. “We have been flying over the refinery tracking toxic chemical releases for about six months now,” she explained; “SIN has been trying to get FEPPA to take action against Ravard for years now, but they insist that they have never detected an unreported release by the refinery. We had a visual indication of a leak last week from the video feed of our drone, but it was brought down by the refinery, so we were not able to collect the sensor data about what chemical was involved.”

When asked about the release that SIN claims to have seen, Whelan explained that: “It was probably a steam release from a pressure relief valve; we had no chemical releases at the facility on the date the UAV was taken down.”

Smith reminded reporters that John Muir is the brother of Jay Muir who oversaw the Federal Environmental Process Protection Agency under the Trump Administration. “There was no way that FEPPA was going to take action against Ravard. We are hoping that will change under the new administration.”

Muir was charged with illegally intercepting a wire transmission between the operator and the unmanned aerial system, interfering with the operation of an aircraft in causing it to land on the refinery property, and theft of an aircraft for not returning the UAS to the owner. Muir could face ten years in federal prison if convicted.

CAUTIONARY NOTE: This is a future news story –