Home / News / Audit: A Third of IRS Servers Go Unchecked for Threats

Audit: A Third of IRS Servers Go Unchecked for Threats

Site: DHS.gov

Cybersecurity measures are falling short at the Internal Revenue Service, according to a recent Treasury Department audit.

The Inspector General for Tax Administration found that the IRS’ host-based intrusion detection systems were not monitoring nearly 34 percent of the agency’s servers.

The report, published March 12, indicated that the 766 servers comprising the IRS’ criminal investigation unit are not being monitored by intrusion detection systems.

The agency’s cyber systems monitor 43 percent of the IRS’ research, analysis and statistics unit servers, according to the report.

TIGTA auditors recommended for the agency to improve its cybersecurity data warehouse to ensure it is capable of correlating and reconciling the network’s active servers with the monitored servers.

IRS Chief Technology Officer Terence Milholland told auditors in a written response that the IRS agreed with the audit.

He added that the IRS would identify impacted organizations and launch a response by Dec. 31.

The chief information officer would identify additional tools and related applications the agency would need to provide information technology asset information, according to Milholland.

Milholland wrote that the cyber data warehouse is not a repository of IT information, which will lead to a variant-ridden timeline for the IRS CIO’s findings.

Auditors wrote that the IRS’ proposed plan to mitigate security shortfalls did not match report recommendations, specifically regarding the implementation of an automated internal control to identify servers connected to the network without protection.

The IRS later agreed to implement controls but indicated it was not comfortable defining a timeline to roll out the changes.

The agency said implementation dates would depend on another modernization and IT services team.

Auditors additionally found the agency is not reporting all security incidents to the Treasury Department.

The IRS agreed with additional claims that it lacked incident response policies.

IRS has since suggested corrective actions which auditors found insufficient.

Check Also

DARPA Launches Program Seeking High Performance Computing for Military Simulators

The Defense Advanced Research Projects Agency launched a new program to improve how virtual training environments replicate real-world interactions and host more complex systems. DARPA unveiled Monday that the Digital RF Battlespace Emulator program intends to build a new breed of High Performance Computing capable of supporting advanced radio frequency for simulators. 

Leave a Reply

Your email address will not be published. Required fields are marked *