Wired.com reported on May 29th that a former employee of Energy Future Holdings, a Dallas-based energy corporation that operates the Comanche Peak nuclear power plant, allegedly logged on to the corporate network after his termination and emailed, modified, and deleted files containing proprietary information, resulting in an estimated $26,000 loss for the company.
According to the article,
“No charges have apparently been filed, but the FBI is treating the case as a suspected violation of federal computer crime laws, including a rarely-used statute prohibiting breaking into a computer and creating ‘a threat to public health or safety.’
“But the damage noted in the affidavit appears to be purely financial. One of the files that was tampered with, ‘Hourly Capacity Supplied — 2009 upload.xls,’ is described as an ‘input file to determine the power generation required by the RFH system components.’ The net result of the tampering was that ‘the EFH management system was rendered inoperable, resulting in EFH being unable to accurately forecast the parameters necessary to operate the business on March 4, 2009.’”
The ex-employee, Dong Chul Shin, had access to more than just the file system:
While at EFH, Smith notes, “Shin was responsible for programming the models which controlled the management of EFH power generation facilities, including Comanche Peak.”
Hopefully, the FBI investigation will provide enough evidence to result in a charge against the individual responsible, but the underlying issue here is why employees continue to have access to critical assets after their termination.
This is a common theme in recent insider theft and sabotage cases that should serve as a warning to all organizations to review their termination policies. The termination of one or more employees requires a coordinated effort between departments to ensure the removal of physical and electronic access to organizational assets. It makes no sense to terminate an employee, escort him/her from the building only to leave VPN access and login credentials intact.
At best, it's a costly oversight but nonetheless, it is a process failure and requires an internal review of termination procedures at EFH.
And while they're at it, they can consider themselves lucky this wasn't worse.
Read the entire article here.
Comments