GAO blasts Washington for weak security

GAO blasts Washington for weak security

District of Columbia responds with a plan of action to improve information systems controls, hire more officers


The federal General Accounting Office assailed the District of Columbia's public works, technology and financial offices for having serious and pervasive weaknesses in their computer security.

GAO's criticism came in a report to Mayor Anthony A. Williams from the agency's annual audit of the district's Highway Trust Fund.

The congressional watchdog agency identified software configuration weaknesses that could let users bypass controls and gain unauthorized access to financial, payroll, personnel and tax information.

GAO said the lack of a comprehensive computer security management program lies at the root of the district's security problems.

A GAO study conducted from June to August last year found that city officials did not adequately limit access granted to authorized users, properly manage user IDs and passwords, effectively maintain system software and controls, or sufficiently protect networks and other computer systems from unauthorized users.

Unlocked front door

The report said district officials gave 4,300 users full access to 20 software libraries that are used to perform sensitive functions that can circumvent security controls.

The study revealed that more than 1,400 inactive user IDs, some from former employees, were not properly disabled, leaving the city's systems vulnerable to sabotage.

GAO noted that after it had conducted its study, district officials acknowledged the weaknesses and responded with a letter outlining actions the city planned to improve information system controls.

District law requires the Chief Technology Office to coordinate the development of information management plans, standards, systems and procedures.

Chief technology officer Suzanne Peck told GAO that the district has developed an action plan to correct all security weaknesses by April of next year. Her office also plans to implement a security management program by October.

'Of the 49 discrepancies identified, we have corrected 34, or about 70 percent,' said Linda Argo, the technology office's chief of staff. 'We plan to have 40 of the discrepancies corrected by March 31, 2001.'

Argo said the district has hired Interliant Consulting and Professional Services Inc. of Woburn, Mass., and Internet Security Services Inc. of Atlanta as consultants to help identify security vulnerabilities.

Since the study was conducted, the city has hired an information director of security and plans to hire a training officer, security officer and a supervisor to conduct risk management, Argo said.

City officials also are reviewing a number of security software packages to help fix the problems, she said.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected