Home News Washington Metro cybersecurity audit reveals rising vulnerabilities in transit system

Washington Metro cybersecurity audit reveals rising vulnerabilities in transit system

Washington Metro

A cybersecurity audit performed on Metro in Washington highlighted that the agency remains vulnerable to attacks that might endanger the security system. The audit report was submitted to Metro’s board of directors in late last month, but the key facts are being kept secret due to the risk from scammers.

“By its nature, such an audit in the wrong hands could expose vulnerabilities and thereby undermine our shared goal of making (Metro’s) IT environment even more secure,” Metro Inspector General Geoffrey A. Cherrington said in a statement. “For that reason, we have made an exception to our standard practice of posting audits to our website, and this one will be withheld from release.”

The report specifically mentioned the Metro’s incident response measures and whether the security experts in the agency know how to detect and respond to a cyber attack. In a response to the report, the Metro officials announced that they’re focussing on the security improvements in the entire transport system.

There are various incidents of cyber attacks on transport system earlier. On October 24, 2017, Ukraine’s Odessa airport and metro system in Kiev was targeted by a malware called “BadRabbit” and prompted state-run Computer Emergency Response Team (CERT) to ask transport networks to be on alert. However, the country’s banking services remained unaffected.

Kiev metro system reported that its payment system was attacked while Odessa airport said it had to delay some flights, as it beefed up its security arrangements. Ukraine suspects that its neighbor Russia is behind these cyberattacks and is planning to draft a national strategy to overcome such attacks and to keep major institutions and companies safe.



Sign Up Now & Get Free CISO MAG issue

* indicates required


  1. The attackers could still use this opportunity since they were successful in October. All in all, it will depend on the board of directors risk management process in such a case and especially their DRP in such an incident.

  2. The actors can still utilize the vulnerabilities in the system since the last success in October. However it will depend on Board of Directors risk management process especially regarding incident management and the DRP.


Please enter your comment!
Please enter your name here