Friday | 10 July, 2009
CSO
Insider threat looms as San Francisco crisis plays out
City trying to wrestle its network off jailed 43-year-old who is still refusing to relinquish control
Ellen Messmer (Network World) 17/07/2008 07:54:00

General Dynamics also takes the insider threat seriously.

General Dynamics uses the ArcSight security and event management tool to centralize collection and analysis of security events, both on its own internal networks and for some federal agencies under a Dept. of Homeland Security contract. The firm is looking at expanding that capability to better monitor user application use.

By installing ArcSight's new IdentityView add-on to watch for database use, General Dynamics hopes to get better visibility into what network users are doing and whether they're authorized to do it.

"There are sensitive databases in the government that determine who can stay in the country and who can't," says Bil Garner, General Dynamics project manager. IT and applications teams create resources for users, he notes, "But who can access what is very much an issue."

General Dynamics anticipates that IdentityView will become a tool to monitor user activity and "tie an event to a user," says Garner. "Before it was just an event."

San Francisco's Terry Childs is not the first IT administrator to have been accused of going on a rampage. There have been several cases in the past, including the case of Roger Duronio, the former UBS PaineWebber computer systems administrator, convicted two years ago for planting a malicious-code "logic bomb" that caused more than US$3 million in damage and repair costs to the UBS computer network.

The motive, according to New Jersey prosecutors, was that Duronio was angry about the US$32,500 annual bonus he got in 2002, which was less than the US$50,000 he was expecting. He was sentenced to 97 months in prison.
