By mistakenly touting a routine security test as a hacking incident, Tulsa's IT department caught the attention of experts in the field of computer security.
But while the incident no doubt left the city looking a bit foolish, at least one veteran computer journalist said the mistake was understandable.
"It probably happens more than we hear about," said Bill Brenner, managing editor of CSO magazine and CSOonline.com.
In early September, city officials announced that the city's website had been hacked, leading to a letter being sent out to citizens who had used the site to submit personal information via online forms.
After announcing that the incident did not involve an outside hacker, but rather a test by a security consultant, the city took action against Chief Information Officer Tom Golliver, placing him on paid administrative leave.
"This was one of those cases where I think they just jumped the gun in declaring it an attack, and the lesson there is, they need to have a more deliberate process of figuring out what's going on," Brenner said. "But I do feel some sympathy for them because, really from my perspective, they were doing the best they could at the time to be responsible and to jump on what they saw was a problem."
It remains to be seen if Golliver -- who reportedly earns a salary of $120,984, according to information compiled by The League of Women Voters of Metropolitan Tulsa -- will keep his job.
Golliver has private industry experience, and just a couple of weeks before the hacking false alarm, he was on the agenda to speak at a statewide conference on information technology.
According to the agenda posted online, Golliver was to talk about how the city's IT department confronted a problem users were having with mobile technology. "What we found, tested, and eventually implemented has resulted in virtually no dropped connections or lost sessions, resulting in significant improvements in workforce productivity," the agenda description for Golliver's session states. "Our mobile users are now some of the most productive (and happy) users working at the City of Tulsa."
His salary is below that of his counterpart in Oklahoma City, Schad Meldrum, Oklahoma City's director of information technology, who earns $143,863 yearly.
Alan Shark, executive director of the Public Technology Institute, said that leaders of city technology departments "really need to be a technologist, not a technician."
He explained that many city technology leaders today "have moved up through the ranks being fixers," people who maintained networks.
Now, however, top city technology positions require more complex skills, Shark said. "Now it requires a higher-level of thinking," he said. "They need to be proactive, not reactive."
It's worth noting that Shark is an advocate of advanced training for city tech leaders. The not-for-profit institute he heads partnered in 2008 with the University of North Carolina and Florida State University to form a consortium offering 12-month certification programs for chief information officers in government.
Shark said he believes there is enough talent to fill top city jobs, but added he does think competition is growing increasingly fierce among cities to attract the best candidates.
In Oklahoma City, Meldrum was an internal hire, but he was hired after a national search, according to a city spokesperson.
Since the false alarm incident, Tulsa leaders have focused on having a consultant review the city's IT department.
"The City of Tulsa ('City') is requesting Proposals from qualified vendors to perform an organizational assessment of the IT Department with the goal of improving performance through competitive benchmarking, organizational reviews, strategic elimination, and the incorporation of best practices," the city's request for proposals states.
The department, which has approximately 145 employees, could potentially undergo substantial change as a result of the review. In its announcement to potential consultants, the city states that "the successful consultant shall determine if strategic elimination, use of external providers, and/or best practices could provide opportunities to improve performance."
Some cities choose to outsource information technology services. Memphis, for example, has done so for years.
Answers that might guide the city could come relatively quickly; bids for the consulting job are due Nov. 7, and the city wants a report within three months of "contract finalization." The consulting firm will be chosen based on a mix of the company's qualifications, operational/technical approach and cost considerations.
Brenner wrote a blog post titled, "What happened to Tulsa's CIO could happen to you," and noted that security issues are very real at the government level.
Various attacks on information infrastructure "are actually too many to mention," he said.
Shark also said the threat is real to local governments.
"Things have changed very rapidly, and what has changed is the sophistication on the criminal side," Shark said.
Just this month, Computerworld reported how hackers finessed their way into the network of Burlington, Wash., stealing more than $400,000 from a Bank of America account used by the small city, which has a population of under 10,000.
The city notified residents who were enrolled in an auto-pay program to pay their utilities.
Shark said the example was just one of many, and that "not all of them are being reported."
Shark said cities need to do a better job of informing all employees about the importance of network security, noting that often it can take just one employee to weaken security systems.
"It's one thing to look at what are the leadership skills that are necessary, but the thing that to me is standing out more than ever before is this vulnerability that I see increasing in terms of other people not being brought into the equation."
Send all comments and feedback regarding City to jadame@urbantulsa.com
Share this article:
Mail Article
Print Article
Add to favorites