Terry Childs Case (SF City Network Engineer convicted of hacking) and ICS

July 14, 2011
I had a an opportunity to hear the San Francisco Assistant District Attorney (ADA) that prosecuted the Terry Childs case, Conrad Del Rosario, present a summary. For those that are unaware, Terry Childs was the lead engineer (not network administrator) of the City of San Francisco’s FiberWAN. He was convicted of withholding access to the WAN and sentenced to 4 years in prison. 
There were a number of issues that were of direct relevance to the ICS community:
- Terry Childs installed many modems that no one else knew about.
I had a an opportunity to hear the San Francisco Assistant District Attorney (ADA) that prosecuted the Terry Childs case, Conrad Del Rosario, present a summary. For those that are unaware, Terry Childs was the lead engineer (not network administrator) of the City of San Francisco’s FiberWAN. He was convicted of withholding access to the WAN and sentenced to 4 years in prison. 
There were a number of issues that were of direct relevance to the ICS community:
- Terry Childs installed many modems that no one else knew about.  This describes far too many industrial facilities today.
- Lack of adequate configuration management/configuration control was a major issue just as in many industrial control system applications.
- A major part of trial dealt with the term “denial of service” because of the IT definition of denial of service. In this case, not all data was withheld, but access was withheld from the “superusers”. It is questionable how “loss of control” or “loss of view” would be viewed in a court setting. 
- The investigators and the technology department personnel never mentioned, and perhaps did not realize, that the water treatment facilities were also connected by the water system organization. If the DA would have known about that interconnection, they could have argued the greater impact Childs’ actions could have really caused, further justifying the higher bail and possibly stronger punishment. This is a similar situation to the Hatch Nuclear plant shutdown where IT and Operations did not know their systems were interconnected.
- Evidence collection was a problem.  However, in the Childs' case it was not because they couldn’t take all necessary evidence away.  In the case of ICSs, there may be systems that cannot be taken away without impacting startup or operation. There needs to be further thoughts by the law enforcement community about this subject which is the reason for the proposed panel at the September ACS Conference.
I am hoping to have ADA Del Rosario present a summary of the Childs case at the September Conference.
Joe Weiss

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...