Reports that China-based hackers breached computer systems used by New York鈥檚 Metropolitan Transportation Authority have heightened concerns in D.C. after other hacks of computer systems used by fuel pipelines and meat processors led to major disruptions.
Can it happen here too? Spoiler alert: Yes. But D.C. is on defense.
Metro said it has a number of lines of defense constantly at work, and that the nature of the hack revealed in New York isn鈥檛 something that can be duplicated with WMATA systems.
But a company the sheer size of Metro, not to mention all the contractors, means 鈥淲e look at anywhere from several hundred thousand to over a million or a couple of million attacks at day,鈥 said Kyle Malo, the chief of information security for WMATA.
鈥淭hose are attempts. Phishing emails, other kinds of general malware. … When you pare it down though to those that people actually click on, you start to look at maybe a handful, a couple of handful on a daily basis that requires the team to actively engage and defend the organization.鈥
Like many organizations, Malo said, Metro is constantly conducting training and targeted exercises aimed at reminding workers to be careful about what they click. He said it鈥檚 the number-one way bad actors can infiltrate a company鈥檚 computer systems.
But the defenses go much deeper than that.
Without getting into specifics, Malo said Metro also has 鈥渁n anti-malware set of tools deployed that monitor our environment 24/7 and specifically we have anti-ransomware technology deployed,鈥 calling them a critical tool the transit system uses.
But Malo also said the kind of vulnerability identified and breached in New York is less of a concern for WMATA.
鈥淭hat attack targeted specific file-sharing services. This is not something that we have in play at Metro,鈥 Malo said. 鈥淲hile we use similar technology, thankfully it wasn鈥檛 something that affected us, or would have affected us, due to the specific nature of that attack.”
鈥淭he system that MTA used that was impacted by these threat actors is not a system that Metro has enabled,鈥 he added.
In a statement, Amtrak said, 鈥We are working with federal authorities to monitor the situation and we remain vigilant in detecting malware activity and cybersecurity threats.鈥
WTOP also reached out to MARC and VRE, and is still awaiting responses.
