A recent report on DC’s Metro has raised concerns the system remains vulnerable to cyberattacks. Still classified, the report from the inspector general was presented to the Metro’s board of directors in late June, according to The Washington Post. Speaking of the reason for the classified status, Inspector General Geoffrey A. Cherrington noted “By its nature, such an audit in the wrong hands could expose vulnerabilities and thereby undermine our shared goal of making [Metro’s] IT environment even more secure. For that reason, we have made an exception to our standard practice of posting audits to our website, and this one will be withheld from release.”
Additional reports are expected to follow through the next fiscal year, as the Inspector General performs another half-dozen security related audits on topics including incident response capabilities, data breaches, or cyberattacks on the system’s critical safety components.
That should give the public some confidence that at least someone’s thinking about this,” said security expert and former chief information officer of the Michigan Department of Transportation and current chairman of the security subcommittee of the Transportation Research Board C. Douglass Couto. “The biggest challenge is understanding what the vulnerabilities are so you can start fixing them.”
Source:
