To an auditor or anyone with security training this screams of a security risk.
One critical guy who has no backup. private and sole knowledge of the system, never takes vacations. arrogant and protective of his knowledge.
Its a classical case of what should be avoided. There are no management controls in place. He could have been running any number or illegal operations, scams or selling of bandwidth to criminal groups, set up a virtual network … whatever. No-one would know. “Dual controls” are a fundamental for any critical operation – they are intended to prevent the abuse of privilege we see in this case, to divide the responsibility of the completion of a process into separate, accountable actions, or to safeguard integrity. Childs represents a single point of failure, and management is at fault for letting this situation arise.
His ‘pride in his work’ and treating the network like a child also comes across as a disregard for the end users, the people for whom the network is supposed to function.
It certainly appears that Terry Childs believed San Francisco’s FiberWAN network was his baby, and that by refusing to allow others to access the inner sanctum was in the best interests of the city, the citizens, and perhaps most importantly, himself.
Himself yes, the others, no. His dog-in-a-manger attitude shows a disregard for the end-user, municipal clients, his peers and those he should be mentoring.
His attitude towards management, formal procedures, (like change controls and documentation), standards and automation of processes are frightening. These are signs that an auditor should have caught long ago. The question is ‘why didn’t that happen?’
As I said, his managers are at fault for letting this situation arise.
One again its the suit-geek dichotomy; because they don’t want to know the technical issues and be involved in them the managers let geeks like Terry Childs have free reign and don’t institute basic controls.
So when they do have to reign him in — UPSET. They are now paying the consequences.
The city is better off without Childs, but unfortunately it would also be be better off without some of his managers too. What it does need is proper administration, of its networks and of its technical staff.
Forcing the issue may have impacted the city’s use and control of its network in the short term but not in the long term.
I suspect that the situation will resolve itself with Terry Childs as the scapegoat and his managers being absolved. Our legal system has an all-or-nothing attitude towards accountability. In a just world the managers who let this happen would be punished. Knowing how government IT works they will probably be promoted.
Will the City IT institute some basic controls and policies? Possibly, but once again I’m cynical and suspect they will be specific and reactive ones rather than wise and encompassing ones that calmer minds consider as a good baseline of security management practice and staff administration.