I was going to ignore this, but I can't do it any longer. The short story is that a network administrator for the city of San Francisco changed the primary administrative password that controlled access to its fiber option routing infrastructure. He didn't share the password with anyone else and refused to share it until recently.
Many people are approaching this incident from an information security perspective. This guy had the only administrative password to the fiber network, how could this not be a security issue? I'll agree that the symptoms of the problem fall into the information and network security realm. However, the root cause is something different.
The root cause is a human resources issues, specifically a first line supervisor issue. The accounts that I have read of this issue indicate that Terry Child, the administrator in question, had been unhappy with his salary. I further understand that his management team knew that he was unhappy with it for some time.
As a manager, you need to have some insight into your team members. I can tell when the guys on my team are stressed out, tired, or distracted. I'm sure that Terry demonstrated similar behavior and I'm sure that his supervisor noticed it. As soon as the supervisor noticed the disgruntled behavior he or she should have started taking some type of remedial action. If discussing the situation did not improve it and his behavior started to call his trustworthiness into question, he should have been removed from his position immediately.
By definition, system administrators are highly trusted individuals. They hold the keys to your electronic kingdom. The absolute instant, you don't believe you can trust them, you need to get rid of them. I think that is the root cause of San Francisco's problem here. The HR management system did not work effectively.
Think I'm full of it? Let me know in the Comments.
Many people are approaching this incident from an information security perspective. This guy had the only administrative password to the fiber network, how could this not be a security issue? I'll agree that the symptoms of the problem fall into the information and network security realm. However, the root cause is something different.
The root cause is a human resources issues, specifically a first line supervisor issue. The accounts that I have read of this issue indicate that Terry Child, the administrator in question, had been unhappy with his salary. I further understand that his management team knew that he was unhappy with it for some time.
As a manager, you need to have some insight into your team members. I can tell when the guys on my team are stressed out, tired, or distracted. I'm sure that Terry demonstrated similar behavior and I'm sure that his supervisor noticed it. As soon as the supervisor noticed the disgruntled behavior he or she should have started taking some type of remedial action. If discussing the situation did not improve it and his behavior started to call his trustworthiness into question, he should have been removed from his position immediately.
By definition, system administrators are highly trusted individuals. They hold the keys to your electronic kingdom. The absolute instant, you don't believe you can trust them, you need to get rid of them. I think that is the root cause of San Francisco's problem here. The HR management system did not work effectively.
Think I'm full of it? Let me know in the Comments.
