After verdict, debate rages in Terry Childs case
"I'm actually surprised he was found guilty," said John Pescatore an analyst at research firm Gartner Inc. "The law seemed so vague and full of loopholes that I sort of thought it would be hard to convince a jury he intentionally sabotaged the network versus causing a disruption in a good faith attempt to do his job."
"Maybe it will have some deterrence for any other disgruntled administrators that may want to hold networks or systems hostage," Pescatore added. "But I would have liked to see more attention to the failures in process that allowed one person to hold everything hostage."
Jim Kirby, director of engineering at Dataware Services, an IT services firm in Sioux Falls, S.D., called the verdict "lame" and expressed hope that it would be thrown out by the judge. Kirby said that, based on his understanding of the case, Childs' refusal to hand over the passwords was understandable. "If what I've read is correct, and he simply refused to give out the password over a conference bridge with unauthorized people listening in, then this entire case is a real shame," he said.
However, others -- including numerous posters on Slashdot -- had less sympathy for Childs. "There's no question that what he did was malicious and even criminal," said Richard Gorman, CEO of Vormetric, a vendor of data security products. Childs' refusal to hand over the passwords needlessly caused San Francisco a "tremendous amount" of disruption and expense, Gorman said.
"If your boss demands the password, give it to them," said a commenter identified as "nomadic" on Slashdot. "Send them a letter along with the passwords saying that you are doing it under protest if you want, warn them of the dangers, whatever, but don't be idiotic."
The episode highlights the dangers companies can face when they hand over the "keys to the kingdom" to a single individual as the city of San Francisco appears to have done, Gorman said. It is a situation that is common across the private and public sectors, though not all instances of such insider abuse receive as much publicity.
Dealing with the issue requires companies to ensure that there is a clear separation of duties when it comes to the role of network and systems administrators, he said. Care should always be taken to ensure that one person does not have full access to all network components or have the ability to override all other administrators on a system, Gorman said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts