NewsRegionBaltimore City


Baltimore IT staffer potentially exposed city to security risks, Inspector General report says

Technician dismissed following investigation
Posted at 5:10 PM, Jan 17, 2019
and last updated 2019-01-18 07:28:50-05

BALTIMORE — A PC Support Technician working for the Baltimore Department of Public Works was censured for engaging in political activity and misusing City owned information technology systems while working for the city, the Office of the Inspector General said in a statement issued Thursday.

Baltimore DPW and the Baltimore City Office of Information & Technology worked with the OIG to investigate the abuses of access and the potential criminal and liable exposure the technician may have exposed the city to, the OIG said.

The technician “knowingly exceeded his authority as a PC Support Technician,” through engaging in unauthorized use of Baltimore City’s information technology, the OIG said.

In his abuses of the technology system, the technician had pirating software and hazardous licensing software and information security tools that were not required for his responsibilities for city agencies. At least one of those software applications contained malware that could have potentially posed a security risk to the DPW's computers and network, the OIG said. The technician also used applications he obtained inappropriately, potentially exposing the city to damage claims and reputational harm over dealing with the misuse of intellectual property.

The technician also kept a “mapped drive” to DPW data considered sensitive, such as the city’s industrial water control system, presenting an additional security risk, the OIG said. A "mapped drive" is a shortcut that provides a pathway to data stored remotely.

The OIG also said the technician had add-ons and apps on his computer that allowed him to view adult content such as pornography on a city-owned, work computer.

The technician was subsequently fired following the OIG releasing its findings. After grouping in the other agencies, the OIG, the DPW, and the BCIT took coordinated action to “mitigate the action of the employee,” the OIG said.

The OIG and Mayor Catherine Pugh also ordered BCIT to review all protocols and accountability metrics for IT administration across all city agencies and departments, and for a risk assessment to be conducted, along with appropriate recommendations to mitigate that risk.