
Pennsylvania fires CISO over RSA talk

Terminated for disclosing security incident at Department of Transportation, source says

By Jaikumar Vijayan
March 10, 2010 06:57 PM ET

Computerworld - Pennsylvania's chief information security officer, Robert Maley, has been fired, apparently for talking publicly at the RSA security conference last week about a recent incident involving the Commonwealth's online driving exam scheduling system.

A source close to the matter said Maley was terminated for not getting the required approvals from the Commonwealth's authorities to talk publicly about the incident.

Commonwealth rules explicitly require all employees to get approval from the appropriate authorities before they publicly disclose official matters, the source said.

A spokesman for the state's governor, Edward Rendell, today confirmed that Maley is no longer working for the Commonwealth. But he refused to say if Maley had been terminated, citing privacy rules.

Maley, who was Pennsylvania's CISO for more than four years, was part of an RSA conference panel discussing state cybersecurity issues last Thursday.

During the discussion, Maley talked about a recent incident involving a Philadelphia-area driving school that was trying to get early driving tests for its students. The source said someone at the school exploited a configuration "anomaly" in the Department of Transportation's online driver's test scheduling system.

The vulnerability allowed the school to essentially cut the line and schedule "a whole bunch of driver's license exams" for its students, the source said.

The incident was reported to the state police, and the matter is currently under investigation, the source said.

Danielle Klinger, a spokeswoman for Pennsylvania's Department of Transportation, confirmed today that a problem had been uncovered in the driver test scheduling system, and that the matter has been turned over to state police.

However, she contested several media reports that have described the incident as a hacking attack, and said that as far as the department was aware, there had been no hack or breach of the system.

Maley's dismissal comes amid ongoing budget and staff cuts at Pennsylvania's IT security organization, the source said. Over the past 18 months to two years, the administration has cut information security budgets by close to 38%, and staff by 40%. They also put a "lockdown" on talking about cybersecurity, the source claimed.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.
