|front page - search - community|
GAO: D.C. vulnerable to hackers
(Published Nov. 6, 2000)
By OSCAR ABEYTA
A federal agency has found serious deficiencies in the District’s computer security that could allow hackers to access government financial records and information about D.C. taxpayers.
A General Accounting Office audit of the city’s highway trust fund found "serious and pervasive weaknesses in controls over access to District (computer) systems," according to a report issued Oct. 31.
"Unauthorized individuals could gain access to critical hardware and software where they may intentionally or inadvertently add, alter or delete sensitive financial data or computer programs," the report stated. "Such individuals could also obtain District taxpayer information and use it to disrupt operations or engage in fraudulent activities using names and related personal information."
Investigators said they did not examine all of the computer security systems during their audit, leaving open the possibility that more vulnerabilities could exist. They said they are preparing a separate report specifically dealing with computer security issues for the mayor.
Investigators found the D.C. government did not provide adequate physical security for its computer facilities, did not adequately manage user identifications and passwords, or adequately monitor workers’ access to the systems. The report also found the District did not have any procedures for regaining critical functions during computer emergencies.
Auditors said the main reason the District’s computer systems are vulnerable is because the D.C. government doesn’t have a comprehensive computer security system in place.
Security weaknesses found by the GAO are the latest in a series of computer problems that have plagued various D.C. agencies. Earlier this year, the D.C. government was forced to scrap a $20 million payroll and personnel program because the installation of the program had been botched so badly that it was beyond repair. That resulted in some teachers and firefighters getting only partial paychecks for months.
In October 1998, the chief financial officer’s office switched over to a new financial management program, the System of Accounting and Reporting (SOAR). But because of inadequate training, the office was unable to easily generate the reports necessary to conduct an independent audit of the city’s finances, which is required by D.C. law to be completed by Feb. 1 of every year. This year’s audit was nearly three months late.
At the end of last month, the police department’s statistical analysis computers crashed, making it impossible for police to track crime statistics for nearly two weeks.