Russian computer breached DC Metro system: watchdog

A computer based in Russia was able to breach the Washington, D.C., Metro system earlier this year, the Metro’s Office of the Inspector General (OIG) said in a new report.

The partially redacted report, released Wednesday and first reported by The Washington Post, said the Washington Metropolitan Area Transit Authority’s (WMATA) cybersecurity group detected “irregular network activity originating in Russia” in January.

Preliminary findings indicated a computer in Russia accessed “a sensitive WMATA directory” with the credentials of a contractor who no longer worked for Metro, but whose high-level access had been maintained in hopes that the contract would be renewed. The investigation found “the computer in Russia was turned on at the direction of the former contractor who remotely accessed his computer in Russia.”

The OIG says it raised concerns about “potential cybersecurity vulnerabilities” to WMATA in 2019, arguing vulnerability assessments and testing of system components weren’t being carried out. WMATA then contracted a security company that produced a findings report, a copy of which the OIG says it obtained in February, despite earlier requests.

“Given the present threat environment, the report stated that it may be assumed vulnerabilities currently do or will exist within WMATA’s systems. These vulnerabilities, if left unaddressed and subsequently become exploited by a threat, might render WMATA prone to unacceptable outcomes,” the latest OIG document reads.

In a response included in the published report, Torri T. Martin, Metro’s chief information officer, and Elizabeth Sullivan, chief audit and risk officer, wrote to “respectfully note that the Report fails to acknowledge that the IT department has made measurable improvements in its cybersecurity program as demonstrated by successfully closing 142 out of 168 OIG corrective action plans … since 2019.”

An investigation of the Russian activity by the Microsoft Detection and Response Team, they said, did not find that content accessed by the breached computer in January was synchronized onto the Russian device, and “no indications of persistence or ongoing malicious activity” were noted.

The IT department is now reviewing the OIG and Microsoft assessments and recommendations, Martin and Sullivan said.

“Where a new program or process may be needed, we will develop an actionable plan and milestones based on available resources and appropriate [corrective action plans],” they wrote.
