FY2017 PROPOSED BUDGET
Washington Metropolitan Area Transit Authority
Proposed FY2017 Budget
Chapter 3

Web filtering services for WMATA’s network have been enhanced to web security through group-based
web browsing policies with user repository integration. Advanced SSL decryption protects
access to specific web sites while decrypting and inspecting traffic from unknown
entities. Bandwidth control applied to designated categories ensures quality of service to
business/mission critical network applications.

Aim Parallel Environment (AIMPE), a SCADA system for Rail Operations, is building a new
network infrastructure to contain rail operations at JGB and CTF, including staging and lab areas.
The environment was designed with security at the forefront, and implementation is in progress.
Security equipment was procured, configured and installed at three individual sites. New features
of the incumbent design over the predecessor include a full mesh network and secure connectivity
between the existing dual networks used for ROCC AIM systems. Security risk scanning and
vulnerability update methodologies are in place for active security monitoring and alerting. The
current LAB environment designs have been updated and secured, and are now actively monitored.

The WMATA Identity and Access Management (IAM) suite has been migrated from Windows to a
Linux platform for better performance and reliability. This service provides Single Sign On (SSO)
for various enterprise applications, including Cognos, Travel Authorization / Travel
Reimbursement, Board Agenda Review and Nomination Form. PeopleSoft Finance has been
integrated to automate application access removal for separated users to comply with FTA audit
requirements. Automation of user activation has been implemented for the annual security
awareness training process. Integration between Active Directory and PeopleSoft has provided
automation for granting network access to new hires and automatically removing network access
for separated users, eliminating manual processes and minimizing organizational exposure to legacy
accounts.

During this period, Metro IT Security revised position descriptions to match industry standards
and re-organized department staff. MITS sought to improve the control of project and task flow
and to provide consistency in expectations. To accomplish this, IT established a customer-facing
Program Manager’s role and a service-focused operations team. The Program Manager has been
assigned and is integrated in daily activities. The operations team is in the process of standing up.
FY2015 closed out a long-standing staff augmentation contract which made up 35 percent of MITS
staff. The contract was awarded and the personnel switch has been completed. The current contract is
stable for the next five years.

MITS has completed numerous projects for customers, including development of the NEPP datacenter
build with security architecture design and deployment, rollout of a CAD/RMS (Computer Aided
Dispatch / Remote Management System) network allowing secure remote connectivity for MTPD,
TWDT 7K, which provides secure wireless communication to the rail cars, and the expansion of
WMATA guest wireless services at CTF. In addition, MITS created a new secure environment
for ESS to have a separate off-production network for testing of video streaming, to mitigate risk
from network disruptions caused by testing multicasting on the production network.

Security Center is used as a vulnerability scanning tool to identify vulnerabilities on network
devices, servers, workstations, and databases. MITS has rolled out an Authority-wide scanning portal
which allows PCI system administrators, DCI system administrators, and DBAs access to scan