John Akerson's Thoughts

Business, technology and life

Expectations, failure and Terry Childs

Terry Childs had a professional responsibility to install, manage and secure the Fiber WAN network for the City of San Francisco. He was serious about his responsibility. For several years as he was installing the network, the department for which he worked failed to establish any written guidelines as to who should or should not be allowed administrative level access to the network routers – leaving only Terry in that position 24/7/365.

In early June of 2008, Terry made complaints against a manager of his department regarding incompetence. In most organizations, those might be career-ending, and that’s not a newsflash. On June 20th, Terry found another employee (a former co-worker not assigned to that office), removing a hard drive.  That person claimed to be doing an unannounced audit of the department and demanded the administrative passwords to the routers, but had no documentation or information to indicate that she was specifically entitled or authorized to such access. As presented, that could have been textbook social engineering. It seems undocumented, unannounced and unprofessional.

Terry refused access. A member of management called in the police and the case was made that Terry had caused a denial of service by refusing to surrender passwords. Terry was charged and jailed. Eventually, he gave the passwords to the Mayor.

So – I’ve tagged this under people, availability, manageability, security and other stuff because the incidents surrounding Terry Childs show how critical people are. They are the foundation of security, availability, and manageability. 

Terry was a professional had multiple copyrights for his work on the networks in San Francisco. (From the US Copyright Office: Application Title: MPLS VPN fiberwan computer program design and configuration : vols. I , 2, 3 Second Edition.)

Perhaps calling management about a possible intrusion would have been more effective than the path he took.  If, however, management was so incompetent as to warrant his multiple complaints, if his confidence in management was so low – perhaps he didn’t value anyone’s advice or opinion. His professionalism put him in a position where expectations were just too high.

When expectations are impossible, success will be very elusive.

*****

Relevant links:

http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/07/30/31NF-terry-childs-fact-fiction_1.html
**********************
http://www.infoworld.com/article/08/07/30/31NF-terry-childs-fact-fiction_1.html
Paul Venezia (best articles anywhere)
**********************
http://it.slashdot.org/article.pl?no_d2=1&sid=08/07/23/1515203
**********************
http://www.crn.com/government/209601143
**********************
http://blog.wired.com/27bstroke6/2008/07/former-san-fran.html
**********************
http://www.cio.com.au/index.php/id;120354960
**********************
http://www.computerworld.com.au/index.php/id;542215064;pp;1
**********************
http://www.cio.com.au/index.php/id;1165348158;pp;4

Advertisements

November 17, 2008 - Posted by | Availability, Manageability, Other Stuff, People, Security

No comments yet.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: