Metro’s Cybersecurity Inspection Kept Confidential

July 11, 2018


Officers at Washington D.C.’s Metro, the Metropolitan Area Transport Authority, said that although they aren’t openly sharing the outcomes of a fresh internal cybersecurity check, they expect to improve their cybersecurity plans after the outcomes disclosed that the organization is susceptible to attacks.

Infosecurity Magazine phoned Metro who has yet to return our call. In a report, Metro Inspector General Geoffrey A. Cherrington said, “By its nature, such an inspection in the wrong hands might reveal weaknesses and thus undermine our shared objective of making [Metro’s] IT environment even safer. Therefore, we have made an exclusion to our normal practice of posting audits to our website, and this one will be withdrawn from release.”

The check was reportedly carried out behind closed doors by Metro’s board of directors in late June, and the outcomes remain secret in order to assist avoid any future attacks should malevolent actors try to abuse any of the known weaknesses that were known.

Transportation is among the areas of main concern when it comes to attacks on important infrastructure, and the Washington Post informed that the faults identified in Metro’s check might possibly jeopardize its safety system and probably endanger security and day-to-day jobs.

This fresh audit is just one of many security-related checks planned over the next financial year. The June audit concentrated mainly on Metro’s incident reaction plan and inspected to identify where its people, procedures, and processes might be improved. Across all segments of cybersecurity, the increasing skills gap restricts a company’s capability to find and react to attacks. The outcomes of Metro’s audit demonstrated where it is most susceptible, paving the path to decrease gaps to reduce the danger.

The next six planned reviews will study additional dangers, “from a huge data breach of SmarTrip card information to possible attacks that might meddle with critical security tasks such as rail traffic control systems, the power grid, station ventilation, gas and fire sensors, and voice and data communications,” as per the Washington Post.