A former employee of a rural central Kansas water facility pleaded guilty on Wednesday to tampering with its computer system and shutting down the plant, the Justice Department announced.
Wyatt Travnichek, 23, of Lorraine, pleaded guilty to one count of tampering with a public water system and one count of reckless damage to a protected computer system during unauthorized access.
Travnichek was hired at the Post Rock Rural Water District in Ellsworth, which supplies water to about 1,500 customers in central Kansas, in 2018 but resigned one year later in January 2019, according to court documents.
While working at the plant, Travnichek was able to monitor it after hours using a remote login system which could be accessed via a shared passcode, according to the Kansas City Star.
Months after he had resigned, on March 27, 2019, the former employee allegedly used his cell phone to access the remote system and shut down the plant, and turn off one of its filters.
The Environmental Protection Agency, the Federal Bureau of Investigation, and the Kansas Bureau of Investigation investigated the case and established that Travnichek’s cell phone was used to perpetrate the intrusion.
Travnichek later told officials that he had been intoxicated at the time of the incident and didn’t remember anything about that night in March.
The former employee faces a prison sentence of 12 months and one day, although a district court judge will determine a sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
Assistant U.S. Attorney Christine Kenney is prosecuting the case.
“Ensuring the security of our nation’s cyber infrastructure is one of the FBI’s top priorities and the plea underscores the joint dedication to that effort by the FBI, EPA, and the Kansas Bureau of Investigation,” said FBI Special Agent in Charge Charles Dayoub.
“There is no doubt that Travnichek’s intentional actions directly placed the public in harm’s way. The plea should send a clear message to anyone who attempts to tamper with public facilities—law enforcement will remain resolute in investigating any and all threats that put the public’s health at risk,” Dayoub added.
Special Agent in Charge Lance Ehrig of the EPA’s Criminal Investigation Division in Kansas said protecting America’s drinking water is a “top EPA priority.”
“EPA will continue our focused efforts with DOJ and the states as we investigate and pursue any threats that might be directed toward vital community drinking water resources,” Ehrig said.
Cybersecurity has become a key focus of the Biden administration. A devastating wave of cyberattacks has compromised sensitive government records and at times led to the shutdown of the operations of energy companies, hospitals, and schools.
Earlier this week, the U.S. Commerce Department’s Bureau of Industry and Security announced new rules intended to curb the sale of offensive cybersecurity products to some countries with “authoritarian” practices.
An interim rule issued Wednesday states that U.S. companies and any company that sells U.S.-made cyber software will need a license when selling hacking tools or other cybersecurity items to certain foreign governments or any buyers, including middlemen, that pose a risk to a national security or weapons of mass destruction concern, such as China and Russia.
Users restricted from using these products would also include those subject to arms embargoes.
“These items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it,” the interim rule reads.
It is set to take effect in 90 days.
Reuters contributed to this report.