1. Home

Terry Childs Case (SF City Network Engineer convicted of hacking) and ICS

July 14, 2011
I had a an opportunity to hear the San Francisco Assistant District Attorney (ADA) that prosecuted the Terry Childs case, Conrad Del Rosario, present a summary. For those that are unaware, Terry Childs was the lead engineer (not network administrator) of the City of San Francisco’s FiberWAN. He was convicted of withholding access to the WAN and sentenced to 4 years in prison. 
There were a number of issues that were of direct relevance to the ICS community:
- Terry Childs installed many modems that no one else knew about.
I had a an opportunity to hear the San Francisco Assistant District Attorney (ADA) that prosecuted the Terry Childs case, Conrad Del Rosario, present a summary. For those that are unaware, Terry Childs was the lead engineer (not network administrator) of the City of San Francisco’s FiberWAN. He was convicted of withholding access to the WAN and sentenced to 4 years in prison. 
There were a number of issues that were of direct relevance to the ICS community:
- Terry Childs installed many modems that no one else knew about.  This describes far too many industrial facilities today.
- Lack of adequate configuration management/configuration control was a major issue just as in many industrial control system applications.
- A major part of trial dealt with the term “denial of service” because of the IT definition of denial of service. In this case, not all data was withheld, but access was withheld from the “superusers”. It is questionable how “loss of control” or “loss of view” would be viewed in a court setting. 
- The investigators and the technology department personnel never mentioned, and perhaps did not realize, that the water treatment facilities were also connected by the water system organization. If the DA would have known about that interconnection, they could have argued the greater impact Childs’ actions could have really caused, further justifying the higher bail and possibly stronger punishment. This is a similar situation to the Hatch Nuclear plant shutdown where IT and Operations did not know their systems were interconnected.
- Evidence collection was a problem.  However, in the Childs' case it was not because they couldn’t take all necessary evidence away.  In the case of ICSs, there may be systems that cannot be taken away without impacting startup or operation. There needs to be further thoughts by the law enforcement community about this subject which is the reason for the proposed panel at the September ACS Conference.
I am hoping to have ADA Del Rosario present a summary of the Childs case at the September Conference.
Joe Weiss

Continue Reading

Sponsored Recommendations

2024 Industry Trends | Oil & Gas

We sit down with our Industry Marketing Manager, Mark Thomas to find out what is trending in Oil & Gas in 2024. Not only that, but we discuss how Endress+Hau...

Level Measurement in Water and Waste Water Lift Stations

Condensation, build up, obstructions and silt can cause difficulties in making reliable level measurements in lift station wet wells. New trends in low cost radar units solve ...

Temperature Transmitters | The Perfect Fit for Your Measuring Point

Our video introduces you to the three most important selection criteria to help you choose the right temperature transmitter for your application. We also ta...

2024 Industry Trends | Gas & LNG

We sit down with our Industry Marketing Manager, Cesar Martinez, to find out what is trending in Gas & LNG in 2024. Not only that, but we discuss how Endress...

Latest from Home

Source: Trihedral

Most Read

Sponsored