The Washington Metropolitan Area Transit Authority, the public transit agency for the nation’s capital, isn’t protecting itself from cyberattacks as well as it should be, according to an internal audit completed last month by the inspector general’s office.
A brief summary of the audit released in late June noted that WMATA’s board of directors agreed with the audit’s findings that while the agency has taken steps to prepare for an “IT incident” or cyberattack, it needs to improve its abilities to detect, report and resolve incidents.
The summary also explained that the D.C. Metro is not alone among public transit systems with cybersecurity shortcomings, citing a 2016 cyberattack on the San Francisco Transportation Agency that disabled card-charging systems, potentially exposed employee and customer information and saw the hackers demand a $73,000 ransom.
That incident, while isolated, drew the attention of Sen. Mark Warner, a Virginia Democrat with nearly 1.5 million voters in WMATA’s service area. Warner wrote a letter to WMATA General Manager Paul Wiedefeld in January asking about the authority’s incident response plan, including how it would deal with a ransomware attack and communicating breach procedures in the event of an attack.
Warner’s letter was well-timed: Metro’s inspector general, Geoff Cherrington, told WTOP last week that “it’s not a matter of if, rather when,” a cyberattack will hit D.C.’s public transit. The agency also recently started recruiting candidates for the new position of cybersecurity director.
The new audit examining incident response plans is only one of several security-related audits that Cherrington has planned for this year, the Washington Post reported. The additional audits will examine the unsecured public Wi-Fi networks WMATA recently commissioned in the underground stations and the digital speakers in the newest model of rail cars, both of which are potential attack points for hackers.
“The newer record is what creates more opportunities, so as people do things like make Wi-Fi available, that creates a disadvantage that has to be mitigated,” said Polly Hanson of the American Public Transport Association.
Still, Hanson said, insider threats — such as employees falling victim to phishing emails or inadvertently transferring malware from a personal device to an agency device — are just as serious as those from the outside. Hanson added that transit authorities everywhere are focusing more on securing their procurement efforts, which WTOP reported that Cherrington’s office is planning on doing in the coming months.
“The review design is to establish whether WMATA is effectively and well handling the use of IT personal services contracts, and to establish if current WMATA employees should be performing the work instead of contractors to ensure WMATA is not wasting taxpayer dollars,” the agency’s audit plan said.