It reads like the perfect storm of data center security nightmares: A disgruntled technician from a third-party contractor gains access to your data center and hits the Emergency Power Off (EPO) button. Here’s the rub: the data center controls the electrical grid for the state of California.
It happened last week at the California Independent System Operator (Cal-ISO) in Folsom, Calif., which manages the state’s power infrastructure. The FBI says that Lonnie Denison, a computer specialist at Science Applications International Corp. (SAIC), intentionally hit the “big red button” after finding his computer access to the Cal-ISO network had been restricted. Denison has a “history of mental illness, drug abuse and alcohol issues,” according to the FBI affidavit, and SAIC had warned days earlier that he should be denied access to the facility Cal-ISO facility, authorities said.
Officials say Denison was able gain access to the Cal-ISO data center, which was secured by a electronic card readers and a handprint scanner. Once inside, he broke a glass seal and hit the EPO button, crashin the data center – but thankfully, not the grid. Officials said that has the outage occurred during normal business hours, it could have disrupted the western United State’s power grid. Twenty computer technicians worked for seven hours to restore the systems.
The April 15 incident has raised alarms among state and federal energy regulators. “Something failed,” Erik Saltmarsh, executive director of the California Electricity Oversight Board, told the AP. “It’s bad. It clearly flags that there is a problem either in the procedures” or the way they were carried out.
Denison was arrested by the FBI on Wednesday and charged with attempted destruction of an electrical facility.