The former chief information security officer (CISO) for the US state of Pennsylvania, Bob Maley, today confirmed rumours at the AusCERT 2010 security conference in Queensland that he was put out of a job for disclosing information about a security incident at another conference earlier in the year.
Bob Maley(Credit: Munir Kotadia/ZDNet Australia)
The website confirmed with a spokesperson for the Pennsylvania governor that Maley was indeed removed from the position, but that it would not disclose the reason as it was a personnel issue.
Speaking at the AusCERT 2010 conference in Queensland today, Maley confirmed the rumour that it was due to revealing a government security incident at the RSA Conference.
Maley again described the incident today; it involved a hacker who owned a driving school in Philadelphia using a proxy server in Russia to mask his identity and then exploit a system bug so he could schedule exams for his students.
"It embarrassed the Commonwealth of Pennsylvania that the [web] application was not so secure," he said.
With time for one question post Maley's presentation, Intelligent Business Research Services (IBRS) security analyst James Turner asked about Maley's dismissal and whether other CISO's should be allowed to talk about their security incidents in the public more openly. "I'd be interested in your take on other CISO's talking about attacks on their organisation," he asked.
"I believe in it because I believe that sharing of information amongst our peers is one way that we stay in the game. [But] I'm not 100 per cent sure if it's going to happen," Maley answered.
For the private sector it was a little more easier, he said, but for the government it was not, as the talk could effect upcoming elections.
"I've had the opportunity to meet a lot of CISOs in the private sector and they view it a little bit more differently ... their core constituents are their stock holders. So they do have a responsibility to their stock holders, but in the government the core people, I believe, should be the citizens. The problem is it's not, it's the government."
Ben Grubb is attending AusCERT 2010 on the Gold Coast as a guest of AusCERT.