Pennsylvania fires CISO over RSA talk

Pennsylvania’s chief information security officer, Robert Maley, has been fired, apparently for talking publicly at the recent RSA security conference about a recent incident involving his state’s online driving exam scheduling system.

A source close to the matter said Maley was terminated for not getting the required approvals from the Commonwealth of Pennsylvania’s authorities to talk publicly about the incident.

Commonwealth rules explicitly require all employees to get approval from the appropriate authorities before they publicly disclose official matters, the source said.

A spokesman for the state’s governor, Edward Rendell, confirmed that Maley is no longer working for the Commonwealth. But he refused to say if Maley had been terminated, citing privacy rules.

Maley, who was Pennsylvania’s CISO for more than four years, was part of a RSA conference panel discussing state cybersecurity issues last Thursday.

During the discussion, Maley talked about a recent incident involving a Philadelphia-area driving school that was trying to get early driving tests for its students. The source said someone at the school exploited a configuration “anomaly” in the Department of Transportation’s online driver’s test scheduling system.

The vulnerability allowed the school to essentially cut the line and schedule “a whole bunch of driver’s license exams” for its students, the source said.

The incident was reported to the state police, and the matter is currently under investigation, the source said.

Danielle Klinger, a spokeswoman for Pennsylvania’s Department of Transportation, confirmed today that a problem had been uncovered in the driver test scheduling system, and that the matter has been turned over to state police.

However, she contested several media reports that have described the incident as a hacking attack, and said that as far as the department was aware, there had been no hack or breach of the system.

Maley’s dismissal comes amid ongoing budget and staff cuts at Pennsylvania’s IT security organization, the source said. Over the past 18 months to two years, the administration has cut information security budgets by close to 38 per cent, and staff by 40 per cent. They also put a “lockdown” on talking about cybersecurity, the source claimed.

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now