(RepublicanPress.org) – On May 17, officials released emails from February written by the Office of the Inspector General (OIG). It stated there was an ongoing investigation into a cyber incident from January regarding a possible “security breach or leak” of the Washington, DC Metro cloud system. The report said the Washington Metropolitan Area Transit Authority’s (WMATA) cyber security group alerted the OIG about some abnormal activity coming from Russia.
Breach and Investigation
According to the emails, a former contractor used his login to access the WMATA directory through his personal computer. The OIG faulted the Metro Authority for failing to protect its systems by following basic policies and procedures and revoking the contractor’s credentials.
The OIG said the WMATA didn’t have anything in place to monitor remote user activity, leaving the system and possibly sensitive information vulnerable to outside actors. They also said it found proof of “passwords, emergency response procedures, disaster recovery measures,” vulnerability evaluations, and other critical data on devices not under the control of the WMATA.
The Metro Authority received recommendations to enhance its cybersecurity as far back as 2019, yet many remain unimplemented. The OIG called for the WMATA to immediately put security controls in place and limit data access on all levels to reign in the risk of compromising its data further. The office gave the organization specific security measures to put in place, warning if it didn’t take the needed steps, the WMATA could continue to compromise its “data, networks, and assets.”
Reactions and Vulnerabilities
The Washington DC metro transports over 600,000 people around the nation’s capital every day. The OIG’s report highlighted serious security problems that some say could threaten the metro’s safety — thereby, all travelers. As the train system becomes more dependent on technology, the need for tight security and strong policies and procedures only grows.
Metro General Manager Randy Clarke admitted there was room for security improvement, but WMATA immediately reported the unauthorized access incident to the cybersecurity department. Clarke assured the Metro Authority would “prioritize improvements,” saying “safety and security” are very important to the WMATA. Metro officials are reportedly looking over recommendations from the inspector general’s office and Microsoft to help prevent further incidents.
A spokeswoman from the House Oversight Committee said the OIG’s findings were alarming and the group would be looking into the issue. Senator Tim Kaine (D-VA) said the WMATA needed to strengthen its cybersecurity quickly.
Copyright 2023, RepublicanPress.org