Sabotage can come from the inside

The arrest last month of a technology administrator from the City of San Francisco for hijacking the municipal computer network and blocking access to everyone but himself has been a real wake-up call to anyone involved in technology, whether in the private sector or the public one. It renews the urgency of checking your security networks and making sure they cannot be penetrated.

The city now must overhaul its computer security for the network that controls data for its police, court, jail, payroll and health services. Terry Childs was arrested on July 13. Authorities said employing the user name Maggot617, Childs took control of the network and refused for eight days to turn over passwords that only he controlled

The crisis prompted the city's IT department to belatedly bolster network oversight, and to consider hiring outside auditors to monitor a security upgrade. City officials also will review all access to its network that handles payroll, email and criminal files. Dawn Cappelli, of the Carnegie Mellon Software Engineering Institute's Computer Emergency Response Team, told the Washington Post in an article published on Aug. 11 that there is always a great risk of insider sabotage. "If you have IT, then it can happen to you," she said.

For more on industrial sabotage:
- see this Washington Post article