GAO blasts Washington for weak security

District of Columbia responds with a plan of action to improve information systems controls, hire more officers


The federal General Accounting Office assailed the District of Columbia's public works, technology and financial offices for having serious and pervasive weaknesses in their computer security.

GAO's criticism came in a report to Mayor Anthony A. Williams from the agency's annual audit of the district's Highway Trust Fund.

The congressional watchdog agency identified software configuration weaknesses that could let users bypass controls and gain unauthorized access to financial, payroll, personnel and tax information.

GAO said the lack of a comprehensive computer security management program lies at the root of the district's security problems.

A GAO study conducted from June to August last year found that city officials did not adequately limit access granted to authorized users, properly manage user IDs and passwords, effectively maintain system software and controls, or sufficiently protect networks and other computer systems from unauthorized users.

Unlocked front door

The report said district officials gave 4,300 users full access to 20 software libraries that are used to perform sensitive functions that can circumvent security controls.

The study revealed that more than 1,400 inactive user IDs, some from former employees, were not properly disabled, leaving the city's systems vulnerable to sabotage.

GAO noted that after it had conducted its study, district officials acknowledged the weaknesses and responded with a letter outlining actions the city planned to take to improve information system controls.

District law requires the Chief Technology Office to coordinate the development of information management plans, standards, systems and procedures.

Chief technology officer Suzanne Peck told GAO that the district has developed an action plan to correct all security weaknesses by April of next year. Her office also plans to implement a security management program by October.

'Of the 49 discrepancies identified, we have corrected 34, or about 70 percent,' said Linda Argo, the technology office's chief of staff. 'We plan to have 40 of the discrepancies corrected by March 31, 2001.'

Argo said the district has hired Interliant Consulting and Professional Services Inc. of Woburn, Mass., and Internet Security Services Inc. of Atlanta as consultants to help identify security vulnerabilities.

Since the study was conducted, the city has hired an information director of security and plans to hire a training officer, security officer and a supervisor to conduct risk management, Argo said.

City officials also are reviewing a number of security software packages to help fix the problems, she said.

