Sometimes in protecting a network, the ones to watch are within the organization. That's the lesson learned by the City of San Francisco. The city's network administrator for its multimillion dollar wide area network (WAN) seized control of the network and denied other system administrators access for ten days while jailed. The network administrator, who had been experiencing conflicts with his supervisor, created a super password that effectively locked out all administrators but himself to the network's switches and routers. When he refused to reveal the password, he was arrested and held on a $5 million bond. The network that he held captive connects various city offices around San Francisco and supports 60 percent of the municipal government's information traffic. During the system administrator's incarceration, the city network continued functioning without incident. The system administrator's lawyer argued the defendant felt that none of the people who requested the password were qualified to have it. The defendant claimed his supervisor was undermining his work. The defendant wanted to uncover the problems in the city's Department of Telecommunication Information Services (DTIS). His intent was to "expose the utter mismanagement, negligence, and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger," his motion read. It is assumed that drastic budget cuts that resulted in losing 200 of 350 employees at DTIS were behind the stress that ultimately drove the administrator to extreme measures. The network administrator finally revealed the super password to the network when after ten days in prison, San Francisco mayor Gavin Newsom visited him. The two had a lengthy private discussion that concluded with the mayor receiving the password, saving the city the hundreds of thousands of dollars it would have cost to sequentially reset hundreds of switches and routers around the city. This case points to several important lessons for businesses to observe regarding system administration. Rick Cook of Computerworld suggests that perhaps policies used by nuclear power plants, NASA, and the military might have prevented San Francisco from losing control of its network. Nuclear power plants deny access to systems at the slightest sign of suspicious activity. In San Francisco's case, by the time the suspicious activity was noticed, it was too late. The system administrator obviously did not have proper oversight and supervision. If the city used a system that logged administrator activities and assigned security officers to review them regularly, the damage could have been prevented. In the military, two people are required to take simultaneous actions to launch nuclear missiles. Similar requirements could be implemented with important system actions such as managing switches and routers. A most important preventive step is called identity management and access control (IM/AC). Identity management requires usernames and passwords, which most networks do effectively. Access control, however, is often undermanaged in important networks. Access controls prevent users from accessing systems and commands for which they do not have authority. Through a combination of close supervision, duplication of responsibilities, and identity management and access control, the San Francisco WAN kidnapping might have been avoided. Unfortunately, security measures come at some cost. Obviously, with budget cutbacks, the city could not afford the level of security needed for such an important network. As global economies become strained and economies increasingly depend on the stability of secure information systems, San Francisco's dilemma could be played out at a much grander scale unless security for information systems becomes as important as for nuclear power plants and missiles.
Discussion Questions
1. What was the cause of the problems for San Francisco's WAN?
2. How might these problems have been prevented?
Critical Thinking Questions
1. Did this system administrator's actions create the effect that he obviously intended? Were his actions justified and ethical?