recommended reading

Is DC's Subway Ready for a Cyberattack?

Passengers wait on the platform before boarding a train at the U Street Metro Station in Washington, DC.

Passengers wait on the platform before boarding a train at the U Street Metro Station in Washington, DC. // Pablo Martinez Monsivais/AP

It would be an exercise in futility to list the headaches experienced by riders of the Washington Metropolitan Area Transit Authority in recent years.

Following the death of a 61-year-old woman in a smoke-filled Metro tunnel in January 2015, SafeTrack—a year-long series of planned repair jobs to WMATA’s 117 miles of track—routinely causes delays. Only five days into 2017, Metro experienced its first meltdown of the year as a computer glitch left its control center unable to communicate with tracks for about 10 minutes. Yet, the small disruption added 90 minutes to some riders’ commutes, who predictably responded with language unsuitable for small children to WMATA’s Twitter handle.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The glitch, too, seems to have prompted concern in Congress over Metro’s cybersecurity operations, wireless communication and first-responder communication systems.

Sen. Mark Warner, D-Va., wrote a letter Monday to WMATA General Manager Paul Wiedefeld, referencing both the glitch and a November cyberattack on the San Francisco Municipal Transportation Agency’s computer systems. In that incident, attackers took over 900 computers and demanded a ransom to unlock them.

“As a co-founder of the Senate Cybersecurity Caucus and a staunch supporter of WMATA, I am acutely concerned about what this kind of attack may mean for transportation systems like WMATA,” Warner wrote. “While early reports indicate that the attack on SFMTA may have been opportunistic rather than targeted, I am concerned that WMATA may represent a particularly enticing target for more advanced threats, given its importance to the region and the number of federal agencies that rely on the system to transport their workforces each day.”

Warner’s letter references a growing increase of so-called ransomware attacks, whereby outdated IT systems are targeted by hackers and held hostage. The federal government itself has an incredibly complex legacy IT problem, with numerous systems several decades old. Old systems can lead to very real problems.

For example, outdated systems were at least partially to blame for the Office of Personnel Management hack that exposed the personal information of 20 million federal employees and contractors. Similar attacks could devastate Metro, warned Warner, who requested information from WMATA when its last IT overhaul occurred. Daily delays and unscheduled track work are temporary annoyances for riders, to be sure, but Warner said a cybersecurity failure could have long-lasting effects on both riders and Metro systems.

“Should a cyberattack cripple WMATA’s ability to collect fares for days at a time, or have the effect of deterring alarmed riders, the financial implications would only exacerbate WMATA’s serious and mounting fiscal problems,” Warner said. “A cyberattack could potentially threaten these vital networks as well, putting riders at risk if an accident or emergency were to occur during a cyberattack.”

Responding to Nextgov, a Metro spokesperson said, “Metro has received the senator’s letter and will provide a timely response.”

The spokesperson declined to answer questions regarding its cybersecurity defenses but noted it does have systems in place to defend IT systems.

“Due to the sensitive nature of cybersecurity, we do not comment on specific security details,” the spokesperson said. “Metro has various security protocols and safeguards in place to protect our systems and data.”

In the letter, Warner also pushed WMATA to release an “updated plan and timeline for the build-out” of its cellular communication network, noting Metro has “missed several internal and congressionally mandated deadlines.”

Warner also seeks updates on Metro’s emergency response training, its plan to introduce Wi-Fi coverage within stations and whether interoperability of public safety communications systems has improved. An investigation into the January 2015 Metro incident, which left one person dead and dozens injured, revealed the emergency response team faced radio communication problems during the accident.

Warner wants answers from Metro by Feb. 15.

Threatwatch Alert

User accounts compromised

1 Million Online Gaming Accounts Exposed

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.