Terry Childs Case (SF City Network Engineer convicted of hacking) and ICS

July 14, 2011
I had an opportunity to hear the San Francisco Assistant District Attorney (ADA) who prosecuted the Terry Childs case, Conrad Del Rosario, present a summary. For those who are unaware, Terry Childs was the lead engineer (not network administrator) of the City of San Francisco’s FiberWAN. He was convicted of withholding access to the WAN and sentenced to 4 years in prison.
There were a number of issues that were of direct relevance to the ICS community:
- Terry Childs installed many modems that no one else knew about. This describes far too many industrial facilities today.
- Lack of adequate configuration management/configuration control was a major issue, just as in many industrial control system applications.
- A major part of the trial dealt with the term “denial of service” because of the IT definition of denial of service. In this case, not all data was withheld, but access was withheld from the “superusers”. It is questionable how “loss of control” or “loss of view” would be viewed in a court setting.
- The investigators and the technology department personnel never mentioned, and perhaps did not realize, that the water treatment facilities were also connected by the water system organization. Had the DA known about that interconnection, they could have argued the greater impact Childs’ actions could really have caused, further justifying the higher bail and possibly a stronger punishment. This is a similar situation to the Hatch Nuclear plant shutdown, where IT and Operations did not know their systems were interconnected.
- Evidence collection was a problem. However, in the Childs case it was not because they couldn’t take all the necessary evidence away. In the case of ICSs, there may be systems that cannot be taken away without impacting startup or operation. The law enforcement community needs to give this subject further thought, which is the reason for the proposed panel at the September ACS Conference.
I am hoping to have ADA Del Rosario present a summary of the Childs case at the September Conference.
Joe Weiss