San Francisco crisis highlights insider threat

The biggest security weaknesses have always been from your own staff, as the case of the San Francisco IT administrator who has hijacked the city's networks shows.


The unfolding crisis in San Francisco this week -- in which a city network administrator has been arrested for allegedly holding the network hostage -- represents an extreme example of the insider threat that IT security vendors and others have been sounding the alarm about for years.

The latest on the San Francisco situation is that the city's prosecutors and its mayor, Gavin Newsom, are seeking to resolve the crisis by having experts try to take back the city's compromised network from 43-year-old Terry Childs, who was arrested for alleged computer tampering when he refused to relinquish network control.

There's worry that Childs, who has worked for the city for five years but faced the sack for alleged poor performance, may have installed the means to electronically destroy sensitive documents.

Childs, who now sits in a jail cell on $5 million bond, is also a former criminal convicted of aggravated robbery and burglary stemming from charges over two decades ago, which the city knew when it hired him as a computer engineer.

The insider threat is typically disgruntled and unscrupulous employees trying to gain access to information they shouldn't, and sharing it for personal gain, espionage or revenge. Finding countermeasures now looms large in the plans of many companies--especially ones that have been hit.

"A year ago we suffered some breaches," says Steve Farrow, managing director for the UK-based operations of Pilz, the Germany-based manufacturer of industrial safety machinery. "We suffered a physical break-in where someone stole hard disks in order to steal computer data, not taking the whole machine. They targeted intellectual property linked to development plans. It wasn't encrypted."

Farrow thinks an insider was probably the culprit, though no one was caught despite police effort. In another case around the same time, says Farrow, an employee went to work for a competitor, handing the new employer electronic data about financial reports and product-launch dates. The combination of those two events spurred Pilz to undertake new defences in data protection by rolling out document-control software for security.

The software from Liquid Machines for enterprise-rights management establishes read, write and print controls on sensitive research and business information, while storing it encrypted. "Everyone in the company who has a computer is getting this," says Farrow, which means about 1,300 people. He adds that physical security has also been tightened after what was seen as an emergency at the firm.

Concerns about the potential for a rogue insider stretch far and wide.

"Recommended For You"

Why IT worker took control of San Francisco's networks Ex-San Francisco IT admin found guilty of network tampering