Is Your Sysadmin Planning a “Final Solution?”

I wrote about Terry Childs, the San Fran sysadmin who implemented his own “final solution” and locked everyone out of the network. Some government IT professionals with a “hackers mentality” may be planning their own personal vendetta against their ogres of a boss according to this article below. So to prevent your sysadmins from locking the doors and swallowing the key, or worse, deleting everything, you should take steps to monitor employees and reduce stress.

From GovTech here, with thanks to Don,

When Terry Childs, a network engineer for the city and county of San Francisco, locked co-workers out of the city’s computer network in July 2008 and refused to hand over access codes – even to the police – it took a jail-side visit from Mayor Gavin Newsom before the rogue IT worker surrendered the password.

Childs’ actions caused a sensation in the IT community. The threat posed by insider sabotage is real. In 2007, (NASCIO) released a report that suggested public scrutiny of government employees may reduce aggressive oversight and compliance regarding insider threats. The report cautioned CIOs about IT experts within state IT departments who have a hacker mentality, because “his or her expertise and resulting ability to exact a significant amount of damage which could garner unfavorable headlines.” Although the NASCIO paper doesn’t detail the underlying causes, it does show insider attacks are rising rapidly.

These findings mirror a 2006 survey conducted by the U.S. CERT, which found that 68 percent of cyber-attacks originated from within an organization.

Stress could be one factor behind the rise in internal attacks. Thirty-six percent of CIOs interviewed said bigger workloads are the greatest source of stress for their teams. Twenty-two percent cited the pace of new technology as the biggest stressor, followed by office politics at 18 percent.

39 states faced budget shortfalls, while half of the states already cut spending for fiscal 2009. With IT viewed as a major cost in government, CIOs and their workers – in virtually all government sectors – should expect to see further pressure to curtail IT budgets, along with a rise in worker-related stress.

So with more stress and smaller budgets sqeezing out skilled workers, 2009 may just be the year when insiders cause significant damage to organizations.