DC transit on defense against hackers

Reports that China-based hackers breached computer systems used by New York’s Metropolitan Transportation Authority have heightened concerns in D.C. after other hacks of computer systems used by fuel pipelines and meat processors led to major disruptions.

Can it happen here too? Spoiler alert: Yes. But D.C. is on defense.

Metro said it has a number of lines of defense constantly at work, and that the nature of the hack revealed in New York isn’t something that can be duplicated with WMATA systems.

But the sheer size of Metro, not to mention all the contractors, means “We look at anywhere from several hundred thousand to over a million or a couple of million attacks a day,” said Kyle Malo, the chief of information security for WMATA.

“Those are attempts. Phishing emails, other kinds of general malware. … When you pare it down though to those that people actually click on, you start to look at maybe a handful, a couple of handful on a daily basis that requires the team to actively engage and defend the organization.”

Like many organizations, Malo said, Metro is constantly conducting training and targeted exercises aimed at reminding workers to be careful about what they click. He said it’s the number-one way bad actors can infiltrate a company’s computer systems.

But the defenses go much deeper than that.

Without getting into specifics, Malo said Metro also has “an anti-malware set of tools deployed that monitor our environment 24/7 and specifically we have anti-ransomware technology deployed,” calling them a critical tool the transit system uses.

But Malo also said the kind of vulnerability identified and breached in New York is less of a concern for WMATA.

“That attack targeted specific file-sharing services. This is not something that we have in play at Metro,” Malo said. “While we use similar technology, thankfully it wasn’t something that affected us, or would have affected us, due to the specific nature of that attack.”

“The system that MTA used that was impacted by these threat actors is not a system that Metro has enabled,” he added.

In a statement, Amtrak said, “We are working with federal authorities to monitor the situation and we remain vigilant in detecting malware activity and cybersecurity threats.”

WTOP also reached out to MARC and VRE, and is still awaiting responses.

John Domen

John started working at WTOP in 2016 after having grown up in Maryland listening to the station as a child. While he got his on-air start at small stations in Pennsylvania and Delaware, he's spent most of his career in the D.C. area, having been heard on several local stations before coming to WTOP.
