GAO blasts Washington for weak security

GAO blasts Washington for weak security

District of Columbia responds with a plan of action to improve information systems controls, hire more officers

BY DONNA YOUNG | GCN STAFF

The federal General Accounting Office assailed the District of Columbia's public works, technology and financial offices for having serious and pervasive weaknesses in their computer security.

GAO's criticism came in a report to Mayor Anthony A. Williams from the agency's annual audit of the district's Highway Trust Fund.

The congressional watchdog agency identified software configuration weaknesses that could let users bypass controls and gain unauthorized access to financial, payroll, personnel and tax information.

GAO said the lack of a comprehensive computer security management program lies at the root of the district's security problems.

A GAO study conducted from June to August last year found that city officials did not adequately limit access granted to authorized users, properly manage user IDs and passwords, effectively maintain system software and controls, or sufficiently protect networks and other computer systems from unauthorized users.

Unlocked front door

The report said district officials gave 4,300 users full access to 20 software libraries that are used to perform sensitive functions that can circumvent security controls.

The study revealed that more than 1,400 inactive user IDs, some from former employees, were not properly disabled, leaving the city's systems vulnerable to sabotage.

GAO noted that after it had conducted its study, district officials acknowledged the weaknesses and responded with a letter outlining actions the city planned to improve information system controls.

District law requires the Chief Technology Office to coordinate the development of information management plans, standards, systems and procedures.

Chief technology officer Suzanne Peck told GAO that the district has developed an action plan to correct all security weaknesses by April of next year. Her office also plans to implement a security management program by October.

'Of the 49 discrepancies identified, we have corrected 34, or about 70 percent,' said Linda Argo, the technology office's chief of staff. 'We plan to have 40 of the discrepancies corrected by March 31, 2001.'

Argo said the district has hired Interliant Consulting and Professional Services Inc. of Woburn, Mass., and Internet Security Services Inc. of Atlanta as consultants to help identify security vulnerabilities.

Since the study was conducted, the city has hired an information director of security and plans to hire a training officer, security officer and a supervisor to conduct risk management, Argo said.

City officials also are reviewing a number of security software packages to help fix the problems, she said.

inside gcn

  • power grid (elxeneize/Shutterstock.com)

    Electric grid protection through low-cost sensors, machine learning

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group