DNS - State Information Security Official May Have Been Fired for Publicly Discussing Hacking Incident

An article in Pennsylvania’s Patriot (News - Alert)-News Web site today speculates that the state’s chief information security officer, Robert Maley, was fired for publicly discussing a hacking incident involving the state department of transportation’s computers.

Although top public officials declined to say why Maley was fired, the article suggests that it may have been because of comments he made during the recent RSA Conference, at which he appeared as a presenter.

Referring to the blog “The Public Eye with Eric Chabrow,” the article says Maley spoke about a denial of service attack that occurred in February that resulted in the over-scheduling of driver’s license exams. He said the DoT’s server that handles the scheduling “had thousands of hits from a computer in Russia” which caused the system to over-schedule, effectively preventing people from being able to schedule driver’s license exams.

In the article, Cybersecurity expert Jim Wingate, vice president of Backbone Security in Fairmont, W.Va., said Maley may have erred when he “named the source of the attack … named the site/application that was attacked … implied that it was successful in scheduling driver’s license exams, which reveals the existence of a vulnerability … and said he didn’t know what the hackers were up to.”

Interestingly, a DOT spokesperson contacted for the Patriot-News article said the department was not aware of any hacking or breach that occurred involving its driver’s test scheduling system. The spokesperson, however, did confirm that an “anomaly” had been discovered, and that state police are investigating -- but beyond that she declined to provide further details.

A reader commenting on the Patriot-News article online said “Bob Maley was let go (fired) because he was told not once, but twice, that he was not to go to conferences and release specific information about Commonwealth security matters in a public forum, AND, he was not to publish, or interview to publish this specific information WITHOUT THE SPECIFIC WRITTEN PERMISSION OF THE COMMONWEALTH. He was warned and written up the first time he did it and specifically told that he would be terminated if he did it again.”