recommended reading

Is DC's Subway Ready for a Cyberattack?

Passengers wait on the platform before boarding a train at the U Street Metro Station in Washington, DC.

Passengers wait on the platform before boarding a train at the U Street Metro Station in Washington, DC. // Pablo Martinez Monsivais/AP

It would be an exercise in futility to list the headaches experienced by riders of the Washington Metropolitan Area Transit Authority in recent years.

Following the death of a 61-year-old woman in a smoke-filled Metro tunnel in January 2015, SafeTrack—a year-long series of planned repair jobs to WMATA’s 117 miles of track—routinely causes delays. Only five days into 2017, Metro experienced its first meltdown of the year as a computer glitch left its control center unable to communicate with tracks for about 10 minutes. Yet, the small disruption added 90 minutes to some riders’ commutes, who predictably responded with language unsuitable for small children to WMATA’s Twitter handle.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The glitch, too, seems to have prompted concern in Congress over Metro’s cybersecurity operations, wireless communication and first-responder communication systems.

Sen. Mark Warner, D-Va., wrote a letter Monday to WMATA General Manager Paul Wiedefeld, referencing both the glitch and a November cyberattack on the San Francisco Municipal Transportation Agency’s computer systems. In that incident, attackers took over 900 computers and demanded a ransom to unlock them.

“As a co-founder of the Senate Cybersecurity Caucus and a staunch supporter of WMATA, I am acutely concerned about what this kind of attack may mean for transportation systems like WMATA,” Warner wrote. “While early reports indicate that the attack on SFMTA may have been opportunistic rather than targeted, I am concerned that WMATA may represent a particularly enticing target for more advanced threats, given its importance to the region and the number of federal agencies that rely on the system to transport their workforces each day.”

Warner’s letter references a growing increase of so-called ransomware attacks, whereby outdated IT systems are targeted by hackers and held hostage. The federal government itself has an incredibly complex legacy IT problem, with numerous systems several decades old. Old systems can lead to very real problems.

For example, outdated systems were at least partially to blame for the Office of Personnel Management hack that exposed the personal information of 20 million federal employees and contractors. Similar attacks could devastate Metro, warned Warner, who requested information from WMATA when its last IT overhaul occurred. Daily delays and unscheduled track work are temporary annoyances for riders, to be sure, but Warner said a cybersecurity failure could have long-lasting effects on both riders and Metro systems.

“Should a cyberattack cripple WMATA’s ability to collect fares for days at a time, or have the effect of deterring alarmed riders, the financial implications would only exacerbate WMATA’s serious and mounting fiscal problems,” Warner said. “A cyberattack could potentially threaten these vital networks as well, putting riders at risk if an accident or emergency were to occur during a cyberattack.”

Responding to Nextgov, a Metro spokesperson said, “Metro has received the senator’s letter and will provide a timely response.”

The spokesperson declined to answer questions regarding its cybersecurity defenses but noted it does have systems in place to defend IT systems.

“Due to the sensitive nature of cybersecurity, we do not comment on specific security details,” the spokesperson said. “Metro has various security protocols and safeguards in place to protect our systems and data.”

In the letter, Warner also pushed WMATA to release an “updated plan and timeline for the build-out” of its cellular communication network, noting Metro has “missed several internal and congressionally mandated deadlines.”

Warner also seeks updates on Metro’s emergency response training, its plan to introduce Wi-Fi coverage within stations and whether interoperability of public safety communications systems has improved. An investigation into the January 2015 Metro incident, which left one person dead and dozens injured, revealed the emergency response team faced radio communication problems during the accident.

Warner wants answers from Metro by Feb. 15.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.