A former IT consultant for a California oil and gas company has admitted he intentionally tampered with its computer systems after he was turned down for a permanent position there. Mario Azar of Upland, California pleaded guilty to one felony count of intentionally damaging a computer system used in interstate and foreign …
Where do they find?
Where do they find and why this kind of people - definitely not a professional! Management error, yes, he is a bad apple but who and why selected him when there is, especially today, overflow in market for real professionals? Also, bad systems management - it's not difficult nor expensive to have systems where you manage everyone, even managers (specifically managers, they are often the weakest link and can cause even more problems - heh!)
Bigger question: who controlled this?
It is always possible that you get a bad apple, but where was the control policy? What about decent exit processes? This isn't just a "bad apple", this appears to be a framework failure which should have been designed to catch this.
From someone who more or less started SCADA security (which was time full of *very* scary discoveries)..
10 years minimum plus they should claim on his professional indemnity insurance...
SCADA Systems Management
As having worked in the field, exit policy is just one fault with control of SCADA systems. Add to it a list of malicious vulnerabilities and lack of proper external access monitoring makes SCADA the weakest yet most important part of most large industrial processes.
On-site security is a joke at a lot of these installations, most networks have external access to critical systems and engineers are regularly let go with no proper consultation on resecuring the system.
It seems that it will take a major attack to help people wake up to the importance of keeping these systems safe. Recent research shows that current overloading at even small power grid stations would allow major parts of the US grid backbone to be brought offline in one foul swoop.
Fire sale indeed.
Midget Oil Platforms
Hey, I wanna know where the midget oil platforms are? Why all the hyperbole and saying that he controlled GIANT oil platforms? Are there small and midget, sorry dwarf oil platforms?
It always comes back to people wearing suits deciding that IT is 'just another set of disposable people', and that everything happens by magic. If you buy Microsoft systems, you're secure, right? Says so in the brochure.. All sysadmins do is press buttons and things happen. Can't be hard, right? Not lke preparing powerpoint slides and presentations where you can actually see someone do something.
HR, having no clue whatsoever, puts keywords in ads, and if you've got the buzzwords down to pat, you get to interview. Unless you already have some really clued in people on the interview panels, you end up with whoever can most confidently throw the most buzzwords in the shortest time (I do interviewing where I work, and the amount of people who confidently spout complete garbage liberally sprinkled with buzzwords, and claim to be MVPs or experienced developers/admins etc. is frankly astonishing. Even when you pick them up on it, they just throw out a whole set of completely unrelated buzzwords).
What people just don't understand is, when you hire a sysadmin, or someone with administrative level access, you're handing them the keys to your company. Unlike almost anyone else outside the directors office, they have the ability, single handedly, to undermine the operations of the company for a significant time period (possibly permanently).
If people started hiring with that in mind, I think they'd be a lot more stringent in who they hired, and HR staff may end up having to get a clue.
You are right. But it will never happen. Managment refuse to accept that a mere technician could have a similar or higher status to themselves. In Britain we call this the class system. I'm not sure what you'd call it in the rest of the world. Probably just plain snobbery.
Management are disposable
Tech is not, and really it should be obvious by now, that you need to hire tech that manages.
Tech needs to up their game, and study business and economics, and just replace the current management. And of course some in management could up their tech skills as well. There is no place now for either just a tech or a management person, tech and business are too intertwined.
The days of the blinkered specialist are over, it is about being an expert generalist nowadays.
There are the consultants like myself that destroy all client-sensitive information in my possession at the end of each engagement only to discover on a subsequent visit that all my accounts are still there. Nobody bothered to delete them.......................................
Skinny Contrived Aristicratic Dolly Automaton
- 'Windows 9' LEAK: Microsoft's playing catchup with Linux
- Infosec geniuses hack a Canon PRINTER and install DOOM
- Game Theory Half a BILLION in the making: Bungie's Destiny reviewed
- Review A SCORCHIO fatboy SSD: Samsung SSD850 PRO 3D V-NAND
- Was Earth once covered in HELLFIRE? No – more like a wet Sunday night in Iceland