In our modern age, much of our society’s important systems and infrastructure are reliant upon cyber technology to function. This is why cyber attacks are such a broad risk, being that they have almost limitless options to target. Even public transportation is at risk, as displayed by the fact that the San Francisco light-rail system was hit last year. This was a scenario where ransomware was used to lock up the transit agency’s computer systems in an attempt to gain $73,000 to unlock them.
Fortunately, the transit agency was able to get their systems back online without paying the ransom, as well as without compromise of any customer or employee credit or bank account numbers. The system was able to be brought back online by restoring it from backups. While this circumstance was able to be handled in a positive way, it has left some concerned as to what it could mean for other transportation systems. Major concerns have arisen from Senator Mark R. Warner (D-Va.), co-founder of the Senate Cybersecurity Caucus, as to what this could mean for transportation systems like the Washington Metropolitan Area Transit Authority.
Senator Warner Issues Concerns in Letter to Metro Manager
These concerns prompted Warner to write a letter to Metro General Manager Paul J. Wiedefeld, in which he poses a number of questions in regard to the state of the agency’s computer systems:
1. SFMTA was apparently a victim of a random attack that looked for antiquated, vulnerable computer systems. When was the last complete overhaul of WMATA’s IT systems? Has WMATA identified any end-of-life legacy components, and if so has WMATA taken steps to replace and/or isolate them? Does WMATA have backup systems in place that would allow for some level of continuity of operations in the case of a complete computer system outage?
2. Does WMATA employ network segmentation, including between consumer-facing or internet-connected systems and mission-critical, operational systems to protect against lateral movement of attackers? Does WMATA have a procedure in place to notify overseers, regulators, and the public in the case of a cyberattack?
3. Does WMATA have a comprehensive plan in place to deal with ransomware attacks? If so, was the plan developed in coordination with local and regional partners, including any entities or jurisdictions that may share or have access to internet-connected systems?
Warner then also requested a response to the questions by February 15th. There have already been other instances of issues with Metro’s systems, including IT testing that went wrong and caused Rail Operations Control Center to be unable to control switches for about nine minutes.