Weaponized Policy: A Case Study in Security Oversight
What happens when a policy designed to protect public health becomes a ticking time bomb for public safety? How can something as innocuous as a protective tarp—installed with the best of intentions—become the very reason an entire city burns more easily? And more importantly, what if someone were to do it on purpose?
In January 2025, the Palisades Fire in Los Angeles erupted into a fast-moving inferno that scorched thousands of acres, destroyed over 12,000 structures, and overwhelmed firefighting efforts. But the heat wasn’t the only problem. Firefighters were critically hampered by a lack of water—specifically, the absence of 117 million gallons from the Santa Ynez Reservoir, which had been drained nearly a year earlier to repair a rip in its protective cover.
The cover itself was originally installed to shield drinking water from contamination. The intention was good. The outcome was catastrophic.
This event didn’t just highlight the importance of emergency preparedness—it revealed how certain safety policies, if not properly contextualized, can create glaring vulnerabilities. And worse, they can be exploited.
The Problem with Good Intentions: When Safety Protocols Go Too Far
In 2011, Los Angeles installed a floating cover over the Santa Ynez Reservoir to comply with EPA water quality regulations aimed at preventing microbial contamination. The goal was to protect public health by keeping pollutants, wildlife, and debris out of the city’s drinking water supply. These kinds of covers are common, and they’re usually seen as a mark of sound environmental and public policy.
But the cover wasn’t indestructible. In 2022, and again in early 2024, it tore. And because regulations prohibit the use of an uncovered open-air reservoir for drinking water, LADWP (Los Angeles Department of Water and Power) had no choice: they had to drain the entire reservoir—117 million gallons of water—just to patch the hole.
Repair delays meant the reservoir stayed offline far longer than expected. When the 2025 wildfire broke out, the reservoir was still empty, contributing to dry hydrants and depleted firefighting capacity across the Palisades and surrounding areas.
A safety measure designed to protect health had turned into a logistical nightmare. And here's the chilling part: it didn’t have to be accidental.
Through the Eyes of an Attacker
From a physical security perspective, the situation at Santa Ynez represents a near-perfect example of how infrastructure policy, when decoupled from security thinking, can become a vector for intentional harm.
If you were to look at the scenario through the lens of an attacker, the logic is devastatingly simple:
Find a critical water reservoir covered with a tarp.
Rip the tarp.
Let policy do the rest.
Because environmental and public health regulations mandate that a torn tarp requires a complete drain and repair before the reservoir can come back online, a single point of failure, a simple cut in a synthetic membrane, triggers a cascading crisis. It doesn't take explosives, malware, or insider access.
The consequences? A city left with diminished firefighting resources, vulnerable to wildfires, or worse, without drinking water during a natural disaster.
And because repair timelines are lengthy (due to procurement, environmental impact assessments, and technical constraints), a malicious actor would know they’re not just causing a temporary problem. They're potentially disabling critical infrastructure for years.
This is a prime example of Asymmetric Attacks, which effectively means the ability for an attacker to utilize minimal effort and risk to them, for maximum affect against the victim.
Why This Should Be Caught in a Physical Security Audit
This isn’t just a hypothetical risk, it’s exactly the kind of scenario that should be identified in a professional physical penetration test or security audit.
During a physical security audit, assessors think like adversaries. They look beyond locks and fences to examine how people, procedures, and infrastructure interact in the real world. A well-executed audit would have asked questions like:
What happens if the reservoir cover is damaged intentionally?
Is there a contingency plan that prevents complete draining?
Are there cameras, motion detectors, or physical barriers preventing unauthorized access to the reservoir?
Is the water system resilient to multi-month outages of key components?
How many other reservoirs have similar vulnerabilities?
Moreover, a threat modeler would quickly see the downstream effects: disable a reservoir, reduce firefighting capacity, increase damage during a natural event like a wildfire. In places like California—where fire season is no longer seasonal, this kind of attack is both low-effort and high-impact, or asymmetric.
Yet these scenarios are often missed, because they don’t fit into traditional cybersecurity frameworks. They fall between domains: policy, infrastructure, and security. That’s precisely why interdisciplinary audits that include red team thinking, infrastructure knowledge, and regulatory awareness are essential.
Final Thoughts
The Santa Ynez Reservoir incident shows how well-meaning policy can unintentionally introduce critical vulnerabilities. A rule meant to protect drinking water ended up draining a vital firefighting resource, right when it was needed most.
This happened because only two of the three pillars of security were considered:
Compliance shaped the policy to meet regulations.
Defense enforced protective measures to avoid contamination.
But Offense, the adversarial mindset, was missing. No one asked, What if someone rips the tarp on purpose? What happens then?
If someone from the offensive pillar had been involved during policy development, this single point of failure might have been caught early. Black team thinking could have prompted contingency plans, smarter infrastructure design, or layered safeguards.
Security isn’t just about following the rules—it’s about thinking like those who might break them. Ignoring that perspective turns good intentions into dangerous liabilities.