After verdict, debate rages in Terry Childs case
"I'm actually surprised he was found guilty," said John Pescatore an analyst at research firm Gartner Inc. "The law seemed so vague and full of loopholes that I sort of thought it would be hard to convince a jury he intentionally sabotaged the network versus causing a disruption in a good faith attempt to do his job."
"Maybe it will have some deterrence for any other disgruntled administrators that may want to hold networks or systems hostage," Pescatore added. "But I would have liked to see more attention to the failures in process that allowed one person to hold everything hostage."
Jim Kirby, director of engineering at Dataware Services, an IT services firm in Sioux Falls, S.D., called the verdict "lame" and expressed hope that it would be thrown out by the judge. Kirby said that, based on his understanding of the case, Childs' refusal to hand over the passwords was understandable. "If what I've read is correct, and he simply refused to give out the password over a conference bridge with unauthorized people listening in, then this entire case is a real shame," he said.
However, others -- including numerous posters on Slashdot -- had less sympathy for Childs. "There's no question that what he did was malicious and even criminal," said Richard Gorman, CEO of Vormetric, a vendor of data security products. Childs' refusal to hand over the passwords needlessly caused San Francisco a "tremendous amount" of disruption and expense, Gorman said.
"If your boss demands the password, give it to them," said a commenter identified as "nomadic" on Slashdot. "Send them a letter along with the passwords saying that you are doing it under protest if you want, warn them of the dangers, whatever, but don't be idiotic."
The episode highlights the dangers companies can face when they hand over the "keys to the kingdom" to a single individual as the city of San Francisco appears to have done, Gorman said. It is a situation that is common across the private and public sectors, though not all instances of such insider abuse receive as much publicity.
Dealing with the issue requires companies to ensure that there is a clear separation of duties when it comes to the role of network and systems administrators, he said. Care should always be taken to ensure that one person does not have full access to all network components or have the ability to override all other administrators on a system, Gorman said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!