Is the plan PG&E proof?
That is the question Councilman John Harris essentially posed in early discussions about upgrading technology in the Manteca City Council chambers.
It was a reference to the Sept. 13, 2005 incident where a paid contracted employee of a firm hired by PG&E to keep tabs on the South San Joaquin Irrigation District board sat in the back of the SSJID board room during a public meeting and tapped into confidential files regarding SSJID’s bid to take over PG&E territory by using a laptop and wireless technology.
The incident triggered an FBI investigation. Ultimately, PG&E agreed to cover SSJID’s legal costs in the incident plus pay for an upgrade of the irrigation district’s firewalls to the tune of just under $500,000. Despite forking over almost $500,000, PG&E said they were not admitting to any wrongdoing.
Given the expensive and potentially damaging impact that had on the SSJID, it is understandable why elected Manteca officials want to make sure the city is protected against rogue hackers who – like the hired hand working for PG&E – could sit in the council chambers and pilfer confidential files using nothing more than a smartphone.
Manteca City Manager Karen McLaughlin assures that it would be extremely difficult to do what the contracted employee with Meridian Pacific did acting on PG&E’s behalf while sitting in the city council chambers either now or after technology upgrades are made.
That’s because the city’s Information Technology Department for years has been charged with overseeing a computer system that includes two super sensitive components – police records and financial transactions.
While nothing is bullet proof, it is virtually impossible for anyone unauthorized to cut into the system using a wireless connection. McLaughlin said that will be the case even with the council and staff using tablet or laptop technology that relies on wireless technology.
In the SSJID incident, PG&E repeatedly emphasized it had no knowledge that Meridian Pacific, a Sacramento consulting firm PG&E hired that handled a number of Republican political campaigns, was accessing SSJID files.
Meridian Pacific said they did nothing illegal as they contended the files were legally accessed by an intern whom they paid on a piecemeal basis to keep tabs of SSJID meetings on behalf of PG&E.
The intern used a laptop computer to access the files from then SSJID General Manager Steve Stroud’s computer using wireless technology. It happened while the intern sat in the back of the board room listening to Stroud and the elected directors conduct district business in public. He forwarded the information to Meridian Pacific during the meeting. The consulting firm then sent the information to the PG&E Stockton office where an employee alerted company officials who in turn contacted authorities and then notified SSJID.
A memo from Meridian Pacific stated, “Meridian’s contractor spent a brief time browsing 31 documents in this publicly accessible shared folder and forwarded seven to Meridian Pacific Inc. Imagine a public meeting with handouts on a table when you walk in the door.”
Nice analogy except the “handouts” weren’t public files just lying around. You had to get into the SSJID system to access them.
The forensic report provided by Meridian Pacific showed that “brief time” of browsing was between 8:58 a.m. and 11:47 a.m. The names of the 31 files – many of which were in a folder used by SSJID General Manager Steve Stroud – were blacked out in the report Meridian Pacific distributed. If they weren’t sensitive why black the names out?
The report indicated the contractor e-mailed Elizabeth Hansell at Meridian Pacific a summary of that day’s SSJID meeting at 11:54 a.m.
Earlier, at 10:29 a.m., the contractor had sent to Hansell at Meridian Pacific a brief e-mail that read “Liz, I am at the meeting and I was able to pull some documents off the public network regarding the takeover. Most of the stuff, you probably are aware of, but it might be worthy to look through all the documents. Are you interested in them? They were simply on someone’s unprotected, public portion of their shared documents. So I took them and saved them.”
Stroud indicated in 2005 that at one point that SSJID’s forensic expert said as many as 715 SSJID files may have been accessed by unknown persons.
The pilfering of files came at a particular critical juncture. SSJID was responding to issues brought up by the California Public Utilities Commission regarding the district’s bid to enter the retail power business.
It might be worthy for the San Joaquin Local Agency Formation Commission staff to note, that after all the dust settled the CPUC agreed SSJID was quite capable of doing what it plans to do and gave the green light.
The LAFCo staff is now on month 45 of reviewing the SSJID application to enter the retail power business.
It is easy to understand why Harris or any other council member would be leery of any technology upgrades in terms of wanting to make sure the integrity of the city’s business is protected.
This column is the opinion of executive editor, Dennis Wyatt, and does not necessarily represent the opinion of The Bulletin or Morris Newspaper Corp. of CA. He can be contacted at email@example.com or 209-249-3519.