GAO blasts Washington for weak security

GAO blasts Washington for weak security

District of Columbia responds with a plan of action to improve information systems controls, hire more officers


The federal General Accounting Office assailed the District of Columbia's public works, technology and financial offices for having serious and pervasive weaknesses in their computer security.

GAO's criticism came in a report to Mayor Anthony A. Williams from the agency's annual audit of the district's Highway Trust Fund.

The congressional watchdog agency identified software configuration weaknesses that could let users bypass controls and gain unauthorized access to financial, payroll, personnel and tax information.

GAO said the lack of a comprehensive computer security management program lies at the root of the district's security problems.

A GAO study conducted from June to August last year found that city officials did not adequately limit access granted to authorized users, properly manage user IDs and passwords, effectively maintain system software and controls, or sufficiently protect networks and other computer systems from unauthorized users.

Unlocked front door

The report said district officials gave 4,300 users full access to 20 software libraries that are used to perform sensitive functions that can circumvent security controls.

The study revealed that more than 1,400 inactive user IDs, some from former employees, were not properly disabled, leaving the city's systems vulnerable to sabotage.

GAO noted that after it had conducted its study, district officials acknowledged the weaknesses and responded with a letter outlining actions the city planned to improve information system controls.

District law requires the Chief Technology Office to coordinate the development of information management plans, standards, systems and procedures.

Chief technology officer Suzanne Peck told GAO that the district has developed an action plan to correct all security weaknesses by April of next year. Her office also plans to implement a security management program by October.

'Of the 49 discrepancies identified, we have corrected 34, or about 70 percent,' said Linda Argo, the technology office's chief of staff. 'We plan to have 40 of the discrepancies corrected by March 31, 2001.'

Argo said the district has hired Interliant Consulting and Professional Services Inc. of Woburn, Mass., and Internet Security Services Inc. of Atlanta as consultants to help identify security vulnerabilities.

Since the study was conducted, the city has hired an information director of security and plans to hire a training officer, security officer and a supervisor to conduct risk management, Argo said.

City officials also are reviewing a number of security software packages to help fix the problems, she said.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected