Skip to: Content
Skip to: Site Navigation
Skip to: Search


A city locked out of its own data network

Officials in San Francisco charge that one of their own employees gave himself exclusive access to key switches on the city’s computer network.

(Page 2 of 2)



Ironically, San Francisco began building its network three years ago out of a desire to be less reliant on outside systems, says Ron Vinson, chief administrative officer for the city’s Department of Telecommunications and Information Services. Childs was a key developer on the project.

Skip to next paragraph

The network, called FiberWAN, currently encompasses 60 percent of the city’s internal and external business sprawling over 60 departments.

The lockout hasn’t disrupted city services, yet: Officials can still send e-mails across departments, and residents can still pay taxes and parking tickets online. But it has created no-go areas on the system where officials aren’t sure if sensitive data – such as e-mails and payroll records – have been compromised.

“We had control of the house,” Mr. Vinson says by way of analogy, “but there were certain rooms inside the house where we didn’t know what was going on and did not have access.” His team is trying to identify and access all the locked “rooms.”

The exclusive privileges that officials say Childs gave himself were discovered, Vinson says, after the city hired a security chief and she began upgrading security protocols. Prosecutors have said Childs locked out other administrators after a confrontation with the security head.

Vinson estimates the costs of the restoration work will be in the hundreds of thousands of dollars.
Nearly half of computer security breaches take weeks to mitigate, according to the Verizon report, with 14 percent taking months. Detection times are worse, with 63 percent of attacks going unnoticed for months. In 70 percent of cases, it’s a third party who notices first.

There’s no simple way to profile malicious insiders, says Mark Maybury, executive director of the IT division at the MITRE Corp., a nonprofit research-and-development group outside Boston. He has researched hundreds of insider cases with the aim of developing computerized sensors to detect them.

“Just as insiders are highly heterogeneous in their demographics, so too are they highly heterogeneous in their behaviors. Therefore, you can’t detect all insiders with one sensor,” Dr. Maybury says.

At this point, however, not much sensor software is commercially available, he says. Still, basic security protocols and simple attentiveness are crucial preventative measures, say experts.

Vinson’s department does conduct backups, he says. And there are fail-safe systems and disaster recovery plans – but they were designed with natural disasters in mind. “If an earthquake happened, we all have instructions about what to do. But we don’t have instructions for what to do when it’s one of your own employees,” says Vinson.

[Update: Terry Childs hands over the codes. Full story at the Horizons blog.]

Permissions