The former embattled chief information officer who led the state's technology initiatives was caught trying to disable the Utah state government's Web site.
Phil Windley, on his own computer Web site, owned up to the action of trying to "test" the state's secure Internet site with software that probes for security vulnerabilities.
The result is an investigation by the Utah Department of Public Safety and a "public apology" issued by Windley at www.windley.com.
Utah Interactive, the company that does all of the state's Web-based services, first noticed the problem the evening of May 15.
Amy Sawyer, the company's general manager, said the company moved to block the intrusion and eventually traced the device to Windley's Internet provider, which disabled his service. That happened by 24 hours later.
Windley, on his Windley Blog, conceded "OK, I'm an idiot," but went on to write that at the time he decided to direct the program at the state's Web site, it seemed "perfectly reasonable."
"Given the tool's behavior on my much smaller sites, I figured it would run for an hour or so and give me a nice report that I could share with the state, and we'd all get something out it."
Sawyer's firm and state government officials were not amused.
Windley called Sawyer on Monday to "offer her my apology for being such a bonehead and causing her organization trouble. . . . After my conversation with Amy (Sawyer), I decided a public apology was in order."
Windley wrote he always had some curiosity about the security of www.utah.gov while chief information officer, so he decided to test it out.
The tool he used does not "hack" into programs but rather "floods" them with information and requests in an attempt to bring them down.
Companies routinely use the tool to assess their systems' ability to withstand such an attack.
Both Sawyer and Camille Anthony, director of the Department of Administrative Services, said the Utah system was not compromised.
"It was not a devastating thing. We went through the process, followed our own procedure to shut it down, and it did not compromise state services, the Web site or any data," Sawyer said.
Windley said he had no idea the tool would be so aggressive. "My actions were born of ignorance, not malice," he said.
Windley, coincidentally, used the same defense after he came under intense scrutiny and criticism last year as the state's chief information officer.
He eventually resigned after a legislative audit accused him of favoritism in facilitating the hiring of nine of his former co-workers from the now defunct Excite@home, an Internet service provider.
The audit said the nine were brought on at inflated salaries or awarded contracts under questionable actions that violated state purchasing protocols.
When brought before top legislative leaders to answer to the audit's findings, Windley apologized, saying his actions came as a result of unfamiliarity with how state government works.
A second audit was ordered in the furor to probe other potential missteps in the state's Information Technology Service's division. When employee complaints did not subside, Windley resigned in December, saying his presence was detracting from the state being able to accomplish its technology goals.
The second audit is due to be released next month.
E-MAIL: amyjoi@desnews.com