GAO blasts Washington for weak security

GAO blasts Washington for weak security

District of Columbia responds with a plan of action to improve information systems controls, hire more officers


The federal General Accounting Office assailed the District of Columbia's public works, technology and financial offices for having serious and pervasive weaknesses in their computer security.

GAO's criticism came in a report to Mayor Anthony A. Williams from the agency's annual audit of the district's Highway Trust Fund.

The congressional watchdog agency identified software configuration weaknesses that could let users bypass controls and gain unauthorized access to financial, payroll, personnel and tax information.

GAO said the lack of a comprehensive computer security management program lies at the root of the district's security problems.

A GAO study conducted from June to August last year found that city officials did not adequately limit access granted to authorized users, properly manage user IDs and passwords, effectively maintain system software and controls, or sufficiently protect networks and other computer systems from unauthorized users.

Unlocked front door

The report said district officials gave 4,300 users full access to 20 software libraries that are used to perform sensitive functions that can circumvent security controls.

The study revealed that more than 1,400 inactive user IDs, some from former employees, were not properly disabled, leaving the city's systems vulnerable to sabotage.

GAO noted that after it had conducted its study, district officials acknowledged the weaknesses and responded with a letter outlining actions the city planned to improve information system controls.

District law requires the Chief Technology Office to coordinate the development of information management plans, standards, systems and procedures.

Chief technology officer Suzanne Peck told GAO that the district has developed an action plan to correct all security weaknesses by April of next year. Her office also plans to implement a security management program by October.

'Of the 49 discrepancies identified, we have corrected 34, or about 70 percent,' said Linda Argo, the technology office's chief of staff. 'We plan to have 40 of the discrepancies corrected by March 31, 2001.'

Argo said the district has hired Interliant Consulting and Professional Services Inc. of Woburn, Mass., and Internet Security Services Inc. of Atlanta as consultants to help identify security vulnerabilities.

Since the study was conducted, the city has hired an information director of security and plans to hire a training officer, security officer and a supervisor to conduct risk management, Argo said.

City officials also are reviewing a number of security software packages to help fix the problems, she said.


  • senior center (vuqarali/

    Bmore Responsive: Home-grown emergency response coordination 

    Working with the local Code for America brigade, Baltimore’s Health Department built a new contact management system that saves hundreds of hours when checking in on senior care centers during emergencies.

  • man checking phone in the dark (Maridav/

    AI-based ‘listening’ helps VA monitor vets’ mental health

    To better monitor veterans’ mental health, especially during the pandemic, the Department of Veterans Affairs is relying on data and artificial intelligence-based analytics.

Stay Connected