The nightmare scenario of an insider attack
July 15th 2008 10:11 am
The City of San Francisco has just suffered what sounds like the nightmare scenario of an insider attack on their computing infrastructure.
The ‘disgruntled employee’ who reportedly was ‘disciplined for poor performance’ had enough access to critical system components to give himself exclusive control of the infrastructure and apparently lock out other administrators. The system is said to still be running, but administrators have little control over it.
So what’s the lesson here?
On the one hand you have to give people the access they need to do their job. For network administrators, that’s essentially the keys to the castle. Network administration is a sufficiently complicated and obscure job that it is hard to find good people. Filling a position is a challenge to start with. You can’t tell how well someone will work out till they’ve been at it for a while. If they’re good, they might not stay in a government job, since government jobs don’t tend to pay as well.
Banks have faced this problem for centuries: you have to hire tellers at low wages, and you have to trust them with far more money than they ever get to take home. Banks solved this problem with separation of duty and lots of cross checking. As yet there’s no easy way to apply that to network administration.