Reports that China-based hackers breached computer systems used by New York’s Metropolitan Transportation Authority have heightened concerns in D.C. after other hacks of computer systems used by fuel pipelines and meat processors led to major disruptions.
Can it happen here too? Spoiler alert: Yes. But D.C. is on defense.
Metro said it has a number of lines of defense constantly at work, and that the nature of the hack revealed in New York isn’t something that can be duplicated with WMATA systems.
But the sheer size of Metro, not to mention all the contractors, means “We look at anywhere from several hundred thousand to over a million or a couple of million attacks a day,” said Kyle Malo, the chief of information security for WMATA.
“Those are attempts. Phishing emails, other kinds of general malware. … When you pare it down though to those that people actually click on, you start to look at maybe a handful, a couple of handfuls on a daily basis that requires the team to actively engage and defend the organization.”
Like many organizations, Malo said, Metro is constantly conducting training and targeted exercises aimed at reminding workers to be careful about what they click. He said it’s the number-one way bad actors can infiltrate a company’s computer systems.
But the defenses go much deeper than that.
Without getting into specifics, Malo said Metro also has “an anti-malware set of tools deployed that monitor our environment 24/7 and specifically we have anti-ransomware technology deployed,” calling them a critical tool the transit system uses.
But Malo also said the kind of vulnerability identified and breached in New York is less of a concern for WMATA.
“That attack targeted specific file-sharing services. This is not something that we have in play at Metro,” Malo said. “While we use similar technology, thankfully it wasn’t something that affected us, or would have affected us, due to the specific nature of that attack.”
“The system that MTA used that was impacted by these threat actors is not a system that Metro has enabled,” he added.
In a statement, Amtrak said, “We are working with federal authorities to monitor the situation and we remain vigilant in detecting malware activity and cybersecurity threats.”
WTOP also reached out to MARC and VRE, and is still awaiting responses.