After verdict, debate rages in Terry Childs case
"I'm actually surprised he was found guilty," said John Pescatore an analyst at research firm Gartner Inc. "The law seemed so vague and full of loopholes that I sort of thought it would be hard to convince a jury he intentionally sabotaged the network versus causing a disruption in a good faith attempt to do his job."
"Maybe it will have some deterrence for any other disgruntled administrators that may want to hold networks or systems hostage," Pescatore added. "But I would have liked to see more attention to the failures in process that allowed one person to hold everything hostage."
Jim Kirby, director of engineering at Dataware Services, an IT services firm in Sioux Falls, S.D., called the verdict "lame" and expressed hope that it would be thrown out by the judge. Kirby said that, based on his understanding of the case, Childs' refusal to hand over the passwords was understandable. "If what I've read is correct, and he simply refused to give out the password over a conference bridge with unauthorized people listening in, then this entire case is a real shame," he said.
However, others -- including numerous posters on Slashdot -- had less sympathy for Childs. "There's no question that what he did was malicious and even criminal," said Richard Gorman, CEO of Vormetric, a vendor of data security products. Childs' refusal to hand over the passwords needlessly caused San Francisco a "tremendous amount" of disruption and expense, Gorman said.
"If your boss demands the password, give it to them," said a commenter identified as "nomadic" on Slashdot. "Send them a letter along with the passwords saying that you are doing it under protest if you want, warn them of the dangers, whatever, but don't be idiotic."
The episode highlights the dangers companies can face when they hand over the "keys to the kingdom" to a single individual as the city of San Francisco appears to have done, Gorman said. It is a situation that is common across the private and public sectors, though not all instances of such insider abuse receive as much publicity.
Dealing with the issue requires companies to ensure that there is a clear separation of duties when it comes to the role of network and systems administrators, he said. Care should always be taken to ensure that one person does not have full access to all network components or have the ability to override all other administrators on a system, Gorman said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!