This is factually incorrect. It was Terry’s job to administer the network routers and had been for years. The city set many minimum requirements for the position including years of experience and certification. The city found that Terry met the qualifications and selected Terry for the job. Part of the job of administering the routers is to set passwords for the routers. This was and had been Terry’s job for years. In addition, it is standard security practice to routinely change passwords so that in the event a password had been compromised, security would periodically be re-established. This was also part of Terry’s job and had been for years.

Terry is not charged with disabling anyone’s passwords. Neither is he charged with setting the passwords in the first place. He is charged with failing to disclose the password. Oddly, the law cited as having been violated (California Penal Code subsection 502) has nothing to do with failing to disclose passwords but rather applies to “502. Unauthorized access to computers, computer systems and computer data.” He most definitely did have and has had authorization to set passwords on the routers for years.

Further, the passwords in question were not to servers where information would be stored but rather to network routers which control the flow of traffic on the network. Thus the city was not left with “no control over their information.”

The network itself continued to function normally throughout even while Terry was held in jail and up until Terry was suspended from work on July 9th, 2008, the city still had the same one and only employee available to administer the routers as it had had for years… Terry Childs. Thus no “denial-of-service” existed until he was suspended and they then claimed they did not have the access which they also admitted that they knew they had not had for some time.

The network routers include a feature which allows them to be reset. The city could, at any time, have reset the routers and reconfigured them to regain complete administrative control of the network routers.

Managers within the Department of Telecommunications and Information Services (who were purportedly attempting to fire Terry) have stated that they did not know the configuration of their own routers.

Thus the passwords or the lack of the passwords are not even the prohibiting factor in this case but rather the issue is the lack of knowledge and ability within the DTIS department to be able to reconfigure the routers -without- Terry Childs, the one person whom they have been paying for years to do so.

Dana graduated with a four year degree from San Diego State majoring in computer science. Worked his way up working with an affiliate of the S.F. Chronical reaching CIO status after ten years. The company was sold so he moved on finding a position as COO of DTIS. He finally quit on his terms because of the corrupt politics. When he left everything went to hell and they wanted him back. He declined and now owns a computer repair shop that would puts the geek squad at Best Buy to shame.

So, I’m not sure what planet you can just pick up a magazine and end up making a six figure income managing a couple hundred people, but I’m pretty sure it isn’t Earth. And if you actually do believe that, then why would you defend the management that would hire a guy who has that kind of background?

I could save my organization an easy $5 Million per year if only high level manager would set up a meeting and ask me how. Taking the initiative and going over my boss’s head to present my ideas to upper management directly would be career/financial suicide. Climb down from your ivory tower and come talk to me.

I was the Chief Operations Officer for DTIS (Dept. of Telecommunications Information Services) from 2000 to 2004.

I do not believe Terry should be in jail at all. Under my leadership at DTIS, I have had far worse employees who did not do any extended jail time and certainly did not a bail of that nature while their cases were pending. I believe Terry is being subjected to the horrible politics of San Francisco and incompetent senior executive leadership of DTIS. Let me point this out as senior executive that actually understands technology unlike the current senior leadership at DTIS:

Some journalists are writing stories such as “Out of Control! Felony
Charges for System Crasher” from examiner.com and other journalist articles calling
Terry a “hacker”. Let’s set the record straight, and I’m sure that most technology professionals would agree:

1. First of all, what Terry allegedly did was change passwords on the City’s
network infrastructure. That has yet to be heard in court as there are always 2 sides to the story.

2. There is no “System crash”, the reality is that all servers are most likely running
fine.

3. There is no “denial of service” as some journalists are accusing him of
doing. Denial of service in I.T. terms is used to define repeated attacks
using data that can overwhelm a corporate network so that end users are affected, or slowing or stopping the network which can create a denial of service to end users. That simply is not the case here.

4. Hacking is breaking and decrypting passwords. Changing passwords should not be referred to as hacking.

5. Realistically, unless the city network engineers need to do maintenance
on the network, all systems are running fine. Any new network changes will
need to be re-scheduled until all of the passwords have been reset (and network infrastructure configurations restored).

6. A well executed plan to restore the configurations and reset the passwords should cause minimal disruption to the various departments and operations unless the configurations have not been backed up recently.

If item #6 is the case that the network infrastructure which consists of Cisco core backbone equipment, edge routers, fiber optic provisioning equipment, SMNP managed switches, Pix firewalls, etc. has not been backed up, then the leadership at DTIS should be held accountable. What CIO, Deputy Director, and other I.T. leadership would not have the technical background and vision to ensure that the I.T. infrastructure is secure?

Above all, even with safeguards, checks and balances, and a solid backup plan, does anyone have the common management sense to build a consensus among the I.T. staff to encourage cooperation, team building, communications, and esprit de corps so you don’t end up with disgruntled I.T. staff?

The Mayor, along with the executive leadership at DTIS should open their eyes and see that the information technology department is very dysfunctional. I challenge Mayor Newsom to do a “ground troops” evaluation by speaking with the line level employees as to what is really going on. I would eat my hat if Mayor Newsom did not find the MAJORITY of I.T. professionals that would like to see the senior management of DTIS fired and replaced.

By the way, I’m not interested in the job of CIO for SF.

Respectfully,

Dana L. Hom
Former Chief Operations Officer & Director of DTIS, City and County of San Francisco

The down side of this solution would be that we would all know about it. It is one thing taking some no-name Iraqi or Afganistani and abusing them. It is a whole different ball of wax putting an American, and one rapidly becoming famous through the same process.