PA Blog

According to today’s ComputerWorld , Pennsylvania’s Chief Information Security Officer (CISO) Robert Maley was fired after discussing a previously undisclosed security “anomaly” at the US RSA 2010 conference last week. Mr. Maley, the ComputerWorld story says, apparently disclosed that: “a Philadelphia-area driving school … was trying to get early driving tests for its students. The source said someone at the school exploited a configuration ‘anomaly’ in the Department of Transportation’s online driver’s test scheduling system.” As a result, the driving school could  jump the queue in scheduling tests for its students. According to ComputerWorld, Mr. Maley, who was the state’s CISO for four years and its first one , hadn’t been authorized to speak about the incident, which a Pennsylvania government spokesperson says is being investigated by the Pennsylvania State Police . The spokesperson also said that the incident was not a security issue, although she would not describe what the anomaly was or how it was supposedly exploited. The ComputerWorld story also noted that Pennsylvania’s IT security staff and budget have been reduced by approximately 40% each over the past 18 months (the state is looking at a $475 million deficit for this fiscal year, which ends June 30th) and according to unnamed sources, the remaining security staff has been told to shut up about cyber security problems. I guess you don’t want to advertise that the state is vulnerable to cyber attacks, do you? Ironically, also at the RSA conference was a panel on the need for companies to tell law enforcement about security breaches . Companies are often hesitant to do so because of the perceived bad publicity that sometimes comes with a call. Privately run companies can more easily keep such calls to law enforcement quiet – public companies can for a short time but not forever. Pennsylvania government officials did call law enforcement, but it also did not inform the public of the matter either. If it was trying to hide the incident because of the bad “political” publicity that it might create, firing the CISO probably wasn’t a smart move. A quiet reprimand would have been better, and no one would have much noted the “anomaly.” Now it is a big deal. And if the State was trying to make a point to other state government employees by quickly firing the CISO over talking without permission, I expect that to backfire as well since it not only looks petty, but the message, rightly or wrongly, is that the current Pennsylvania government has lots of dirty cyber security linen to hide. Expect the state’s press to start digging for it. Now try hiring an experienced CISO into that environment. Unless, of course, Pennsylvania doesn’t really want one. .

Pennsylvania’s chief information security officer, Robert Maley, has been fired, apparently for talking publicly at the RSA security conference last week about a recent incident involving the Commonwealth’s online driving exam scheduling system. A source close to the matter said Maley was terminated for not getting the required approvals from the Commonwealth’s authorities to talk publicly about the incident. Commonwealth rules explicitly require all employees to get approval from the appropriate authorities before they publicly disclose official matters, the source said. A spokesman for the state’s governor, Edward Rendell, today confirmed that Maley is no longer working for the Commonwealth. But he refused to say if Maley had been terminated, citing privacy rules. Maley, who was Pennsylvania’s CISO for more than four years, was part of a RSA conference panel discussing state cybersecurity issues last Thursday. During the discussion, Maley talked about a recent incident involving a Philadelphia-area driving school that was trying to get early driving tests for its students. The source said someone at the school exploited a configuration “anomaly” in the Department of Transportation’s online driver’s test scheduling system. The vulnerability allowed the school to essentially cut the line and schedule “a whole bunch of driver’s licence exams” for its students, the source said. The incident was reported to the state police, and the matter is currently under investigation, the source said. Danielle Klinger, a spokeswoman for Pennsylvania’s Department of Transportation, confirmed today that a problem had been uncovered in the driver test scheduling system, and that the matter has been turned over to state police. However, she contested several media reports that have described the incident as a hacking attack, and said that as far as the the department was aware, there had been no hack or breach of the system. Maley’s dismissal comes amid ongoing budget and staff cuts at Pennsylvania’s IT security organisation, the source said. Over the past 18 months to two years, the administration has cut information security budgets by close to 38 percent, and staff by 40 percent. They also put a “lockdown” on talking about cybersecurity, the source claimed. .

Tom Corbett (gov) Four former U.S. Attorneys have filed to run for office in Pennsylvania. Tuesday marked the deadline for major party candidates to file with the Pennsylvania Secretary of State’s office. The primary elections to decide who will run in the November general elections will take place May 18. Tom Corbett , who was appointed U.S. Attorney for the Western District of Pennsylvania by President George H.W. Bush in 1989 and served until 1993, is one of two candidates vying for the Republican nomination for governor. Current Pennsylvania Gov. Ed Rendell (D) is term limited. Corbett, who is the current state attorney general, will face state Rep. Sam Rohrer in the Republican primary. On the other side of the political aisle, four candidates are seeking the Democratic nomination: Montgomery County Commissioner and former U.S. Rep. Joe Hoeffel , Allegheny County Executive Dan Onorato , state auditor general and former state Sen. Jack Wagner and state Sen. Anthony Williams . Several former U.S. Attorneys are seeking the nomination to run for Congress. Mary Beth Buchanan (Steve Pope) Mary Beth Buchanan , who served as the Western District of Pennsylvania U.S. Attorney from 2001 until November 2009, is one of two candidates seeking the Republican nomination for the 4th congressional district. She will face former Department of Homeland Security official Keith Rothfus in the Republican primary. Both candidates hope to challenge Rep. Jason Altmire (D-Pa.), who is unopposed in the Democratic primary. Patrick Meehan (doj) In the 7th congressional district, Pat Meehan , who led the Eastern District of Pennsylvania U.S. Attorney’s Office from 2001 to 2008, is running unopposed the in Republican primary.Three Democrats — attorney Gail Conner , state Rep. Bryan Lentz and political consultant E. Teresa Touey – are looking to win their party’s nomination. The candidates hope to replace Rep. Joe Sestak (D-Pa.), who is challenging Sen. Arlen Specter (D-Pa.) in the Democratic primary. Tom Marino (Tom Marino for Congress) Finally, Tom Marino , who was the U.S. Attorney for the Middle District of Pennsylvania from 2002 to October 2007, is one of three Republicans looking to unseat Rep. Chris Carney (D), who is unopposed in the Democratic primary. The other two Republicans seeking the nomination are chiropractor and 2006 state Senate candidate David Madeira and Snyder County Commissioner Malcolm Derk . Tags: Anthony Williams , Bryan Lentz , Chris Carney , Dan Onorato , David Madeira , Eastern District of Pennsylvania , Gail Conner , Jack Wagner , Jason Altmire , Joe Hoeffel , Joe Sestak , Keith Rothfus , Malcolm Derk , Mary Beth Buchanan , Middle District of Pennsylvania , Patrick Meehan , Pennsylvania , Pennsylvania governor’s race , Sam Rohrer , Teresa Touey , Tom Corbett , Tom Marino , U.S. Attorney for the Western District of Pennsylvania , Western District of Pennsylvania .