Type to search

David Pendered

Data security at Atlanta’s airport remains in question: City audit

By David Pendered

Atlanta’s airport has not kept pace with concerns raised about cyber security,  according to a new city audit.

A new Atlanta audit raises questions about cyber security at the world's busiest passenger airport. Credit: travel-news-photos-stories.com

A new Atlanta audit raises questions about cyber security at the world’s busiest passenger airport. Credit: travel-news-photos-stories.com

The laundry list of unresolved issues includes former airport contractors having access to computer systems regarding the airport; and network issues at the airport so critical that the report said specifically that it did not name them for fear the issues would be made public.

Nothing in the report suggests that passenger safety is at risk. The report does anticipate that Samir Saini, the city’s information technology director since August, will address the issues.

Atlanta city Auditor Leslie Ward presented the report to the Atlanta City Council on Monday. The document is slated for further review in council committees and possible deliberation by the council in 2015.

The new report follows up on a number of formal audits involving the city’s IT department, including one dated November 2011 that had this perspective as the No. 1 mission: “Are controls in place to maintain data security for critical aviation systems?”

The answer from the airport, in some cases, is, “No,” according to the audit.

This is the item that refers to information controls at the Department of Aviation. The audit says the controls were expected to be implemented in January 2012:

  • “We recommended four specific changes to network configuration settings to better secure critical resources. We omit details in this report that could compromise system security pursuant to the Georgia Open Records Act.”

The Aviation Department opted to complete one of the four changes, though it had agreed to implement all four upgrades, according to the audit:

  • “Our review of documentation related to one of four recommended changes in network configuration found that only one of the changes was implemented. The department acknowledged that it has not changed the other three configuration settings as we had recommended.”

This audit joins a growing list of issues related to the city’s ability to manage its digital affairs. Atlanta purchased a computer system that has not fulfilled expectations and requires ongoing funding to perform.

The purpose of the new audit was to address a number of IT issues, or information technology issues, that it had raised over the previous 84 months. The city auditor is supposed to provide reports that look back to determine if recommendations have been followed.

The new audit shows the IT department implemented 10 recommendations; partially implemented five recommendations; and did not recommend nine recommendations.

Here are a few of the issues and the city’s responses:

  • Recommendation: Implement a process to promptly remove contractor access to systems when the contract term expires and/or contractor is no longer working on behalf of the city.
  • Auditor analysis: The [aviation] department has not provided documentation that this recommendation was implemented.
  • Recommendation: Finalize C4 hot site operations and then develop and test a full disaster recovery plan.
  • Auditor analysis: The [aviation] department stated that the C4 hot site is operational; however, the department did not provide documentation of the development and testing of a full disaster recovery plan.”


David Pendered

David Pendered, Managing Editor, is an Atlanta journalist with more than 30 years experience reporting on the region’s urban affairs, from Atlanta City Hall to the state Capitol. Since 2008, he has written for print and digital publications, and advised on media and governmental affairs. Previously, he spent more than 26 years with The Atlanta Journal-Constitution and won awards for his coverage of schools and urban development. David graduated from North Carolina State University and was a Western Knight Center Fellow.


1 Comment

  1. Burroughston Broch December 3, 2014 11:11 pm

    Yet another City audit to be locked away in a filing cabinet and forgotten.Report


Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.