How stupid is this? Last week Robert Maley was the CISO for the Commonwealth of Pennsylvania giving a presentation at the RSA conference. He was speaking about a hacking incident at PennDOT from last year.
This week? He’s on the pavement. It would appear that someone in PA overreacted.
From Patriot News/Penn Live:
Danielle Klinger, a spokeswoman for the state Department of Transportation, said the agency is not aware of any hacking or breach that occurred involving scheduling system for its driving test. However, she said that a few weeks ago, “we did discover an anomaly and we have actually turned that over to [the state police] for further investigation. We’re not sure what that anomaly is, but it is being investigated. Unfortunately, I can’t provide any more details on it.â€
Maybe Maley didn’t have leave to speak publicly about this incident in question. Which is something that PennDOT appears to have developed an Ostrich complex over. Some myopic nitwit thought it merited removing Maley from his post? They claim however that his talk had nothing to do with his dismissal. I’m not sure I believe that. Timing seems rather odd.
So, what of the alleged hacking incident?
Maley is reported to have said the hacker was later found to be someone with a driving school in Philadelphia who exploited a vulnerability in PennDOT’s system to schedule more driving tests than there were allotted slots.
This situation seems muddy at best. For more on this story read the article at Penn Live from this morning.
(Image used under CC from Olivander)
UPDATE (Mar 19, 2010): Today things are made a little clearer with respects to Maley’s dismissal after speaking at RSA. He provides ComputerWorld with an interview to add some clarity to the story.
What exactly happened? They terminated me. I was specifically asked not to talk about anything in Pennsylvania without explicit permission and to have everything that I would say to be completely reviewed before I said it. So yeah, they told me that, and, yup, I was wrong ultimately doing that. As far as the official reason, that’s why.
A hard lesson learned. Don’t have permission to discuss your day job from a conference podium? Remember this story.
