FBI probe at DWP includes scrutiny on cybersecurity

When FBI agents raided Los Angeles city departments last month, they sought documents related to the legal fallout from the Department of Water and Power’s botched rollout of a new billing system.

Now, newly reviewed portions of a warrant served at DWP headquarters the day of the raid indicate a broader federal probe than was previously known.

Investigators wanted information about cybersecurity and physical security issues at the DWP dating back to June 2008, according to portions reviewed this week by the Los Angeles Times. They also wanted to know about the DWP’s compliance with industry security standards and any destruction or manipulation of compliance records.

Investigators also sought records about recent international travel by DWP officials and any agreements the utility signed with foreign governments or entities, the warrant shows.

The FBI declined to comment this week. The DWP also declined comment.

Security has been an issue for the DWP in the past. A report disclosed in 2016 identified vulnerabilities at some of the city’s power stations, including a facility that lacked alarms at its exterior doors and another site where delivery vehicles were not inspected.

The revelations prompted the utility to fire its security chief, who later sued the city, alleging he was ousted for complaining about security gaps.

The FBI’s interest in security issues at the nation’s largest municipal utility adds new intrigue to the latest controversy stemming from the DWP’s 2013 billing fiasco. Outside attorneys are accused of engineering a lawsuit and subsequent settlement over the billing errors that shorted ratepayers.

One of those attorneys, Paul Paradis, has denied wrongdoing. The New York lawyer was brought in by the city attorney’s office to help sue the consulting firm that implemented the billing system. At the same time, his company, Aventador, secured a $30-million, no-bid DWP contract to fix the billing problems and work on cybersecurity issues.

Paradis later sold his company, and the new owners changed the name to Ardent, which still has a cybersecurity contract with the DWP.

The raids occurred on July 22, when FBI agents searched the offices of DWP’s then-general manager, David Wright, the DWP commission, the city attorney and others, seeking documents.

A section of the warrant served at the DWP that was reviewed by The Times on the day of the raids said investigators were seeking information about DWP contracts with companies affiliated with Paradis, including Paradis Law Group, Aventador, Ardent and Cybergym.

The warrant said investigators were seeking evidence of a wide array of possible crimes, including bribery, kickbacks, money laundering and violation of electric reliability standards, which are rules meant to ensure that electricity keeps flowing to customers.

Officials haven’t announced any arrests or charges in connection with the investigation.

The warrant passages newly reviewed by The Times show investigators wanted to know about security reviews performed for the DWP by Aventador, Ardent and other firms. They also sought security presentations to DWP employees or the Los Angeles City Council dating back to 2008.

Investigators also wanted to know about official foreign travel by DWP staff and representatives from Jan. 1, 2018, to the present. They sought records about DWP dealings with foreign governments and entities, and transfer of proprietary or sensitive information relating to the city or DWP.

It is unclear what trips and foreign governments the FBI is interested in.

Earlier this year, DWP spokesman Joe Ramallo told The Times that Paradis and DWP officials traveled to Israel twice in 2018 to meet with companies, including cyber and physical security firms.

The delegation wanted to learn more about security, in part for the utility’s preparation for the 2028 Olympics, Ramallo said.

Israel-based Cybergym and Israel Electric Corp. were listed as attendees at a DWP event in Israel, according to travel expenses obtained by The Times through a public records request.

An Israeli company called Cybergym operates arena-like facilities where companies are trained to fend off cyber attacks, according to its website. Cybergym is a joint venture of the Israel Electric Corp. and another firm, its website states.

It could not immediately be confirmed that the Cybergym firm mentioned in the warrant is the same company listed as attending the DWP event.

Israel Electric spokesperson Iris Ben-Shahal said the power company wasn’t aware of the details of the investigation but would closely follow “developments and their relevance to the parties’ relations, if there [are] any.”

Aventador planned to operate a Cybergym arena in downtown Los Angeles by this summer, according to a March 2019 proposal for a cybersecurity contract Aventador sought with the Southern California Public Power Authority, whose members include a dozen utilities.

The Times obtained a copy of the contract proposal through a public records request.

The warrant section also showed that investigators wanted to know if city officials had a financial interest in any business ventures, including Aventador, Cybergym and Ardent.

Attorneys for Paradis didn’t respond to repeated requests for comment. A representative for Ardent also didn’t respond to an email.