“Because the system was so complex (and also because he didn't involve any of the other network engineers in his unit), Terry was the only person who fully understood the FiberWAN configuration. Therefore, to prevent inadvertent disruption of this admittedly critical network, he locked everyone else out. I know most of the networking equipment … does use centralized AAA, but I get the impression he may have configured the FiberWAN equipment for local authentication only.”
Childs' attitude toward other administrators is by no means unusual in the IT industry. This is generally due to the fact that admins who are tasked with constructing and maintaining networks of this size and scope care for them like children, and eventually come to believe that no one else could have the knowledge and skills to touch the delicate configurations that form the heart of the network.
A key point made in the e-mail is that Childs' managers and coworkers all knew that he was the only person with administrative access to the network. In fact, it was apparently known and accepted in many levels of the San Francisco IT department. Again, quoting from the e-mail:
“This is where it gets tricky for the prosecution, IMO, because the localized authentication, with Terry as sole administrator, has been in place for months, if not years. His coworkers knew it (my coworkers and I were told many times by Terry's coworkers, 'If your request has anything to do with the FiberWAN, it'll have to wait for Terry. He's the only one with access to those routers'). His managers knew it.
"Other network engineers for the other departments of the City knew it. And everyone more or less accepted it.
"No one wanted the thing to come crashing down because some other network admin put a static route in there and caused a black hole; on the other hand, some of us did ask ourselves, 'What if Terry gets hit by a truck?' If a configuration is known and accepted, is that 'tampering'?”
My source appears to believe that Childs' motivation was the antithesis of tampering, and that Childs did everything possible to maintain the integrity of the network, perhaps to a fault:
“He's very controlling of his networks -- especially the FiberWAN. In an MPLS setup, you have 'provider edge' (PE) routers and 'customer edge' (CE) routers. He controlled both PE and CE, even though our department was the customer; we were only allowed to connect our routers to his CE routers, so we had to extend our routing tables into his equipment and vice versa, rather than tunneling our routing through the MPLS system.”
Like so many other high-level network administrators, Childs seems to have taken his job extremely seriously, to the point of arrogance and, perhaps, burnout.
“Terry was very dedicated to his career as an engineer. He is a CCIE (probably the only one in the City government), and spent much of his free time studying and learning more -- the MPLS for the FiberWAN, VoIP some of the departments are rolling out, other new technologies for our 311 and E911 systems, etc. He worked very hard, evenings and weekends in addition to full-time 8-5 work, and rarely took vacations. His classification is 'professional,' so he doesn't earn overtime pay, only comp time -- which like many of us he never really had the opportunity to use. He was on standby more or less 24-7-365; whereas in the private sector, in a company of 20,000 or more employees, you'd expect to find multiple engineers rotating that standby status, I'm pretty sure he was always the guy on call.”