Cybereye | Everyone needs management oversight
Commentary: Charges against Terry Childs of tampering with San Francisco's wide-area network underscore the risk of lax oversight in government systems
- By William Jackson
- Jul 31, 2008
It is too early to say what, if anything, former San Francisco Information Technology Administrator Terry Childs is guilty of. He has been charged with tampering with the city's wide-area network, allegedly having given himself broad access to the network and changing passwords to lock out the rest of the IT staff.
However, more significant than the actions of any individual in this case are the systemic problems it reveals. The threats to an IT system from insiders, regardless of their motivations, are well known. What is surprising about the San Francisco lockout is not that it occurred but that there apparently were so few procedures in place to guard against it.
Childs has pleaded not guilty to the charges, and at press time he was being held on $5 million bail because of the threat he might pose to the network.
The changes to the network were discovered July 13, and Childs was arrested two days later. Ron Vinson, deputy director of the city's Telecommunications and Information Services Department, was quoted as saying that Childs 'had unauthorized access to passwords of the network, and he was denying access to those that were authorized.'
If Childs' access was unauthorized, why wasn't it spotted before the security audit? If others had legitimate need to access the system, why didn't they notice they had been locked out? It sounds as if the department was content to let Childs administer the network himself, without much oversight.
This is not to say that Childs did nothing wrong, but it seems as if the city's IT department was at least guilty of lax security standards.
It is tempting to trust the people we put in charge of our systems, especially when municipal budgets are tight, staffs are small, and everyone has too much to do. Given the choice of hiring two cops, four people to pick up trash or one more IT administrator, guess what the choice is going to be.
'It does increase the risk of things going wrong,' said Paul Kocher, president of Cryptography Research, which has helped organizations recover from similar cases ' almost all of which were discovered when it was too late, he said.
IT administrators have the keys to the kingdom, said Michael Maloof, chief technology officer at TriGeo Network Security. That kind of power requires oversight. 'The minute this guy started changing credentials, alarms should have gone off,' Maloof said. And when Childs began using advanced privileges, there should have been alerts. 'You typically don't use those in the normal course of business,' Maloof said.
We don't know yet whether the trust placed in Childs was misplaced. But the case demonstrates that trust alone is not enough. If you turn your back long enough on areas this important, you will be bitten.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.