Home / News / Inspector General: IRS Cybersecurity Center Should Improve Incident Reporting, Employee Training Activities

Inspector General: IRS Cybersecurity Center Should Improve Incident Reporting, Employee Training Activities

The Treasury Department‘s inspector general for tax administration has urged the Internal Revenue Service‘s cybersecurity center to address gaps in its employee training and incident reporting and response efforts.

TIGTA said in a report published Aug. 28 it reviewed 100 cyber incidents in fiscal years 2015 and 2016 and found that IRS’ Computer Security Incident Response Center generally prevented, identified, reported and addressed incidents but showed inconsistencies.

IRS’ CSIRC was required to report 64 of the 100 incidents to the Treasury Department’s CSIRC but did not disclose 22 incidents until IRS was notified of the non-compliance in February.

The report also revealed that some CSIRC employees and contractors did not comply with training requirements of the Federal Information Security Modernization Act as well as mandated internal specialized security training for FY 2015 and 2016.

TIGTA added that CSIRC developed an incident response plan but did not update the plan to meet federal guidelines.

The inspector general called on IRS’ chief information officer to address incident reporting inconsistencies; capture incident response costs; ensure compliance of employees and contractors with specialized security training requirements; and remove access privileges of non-compliant contractors.

Check Also

DARPA Launches Program Seeking High Performance Computing for Military Simulators

The Defense Advanced Research Projects Agency launched a new program to improve how virtual training environments replicate real-world interactions and host more complex systems. DARPA unveiled Monday that the Digital RF Battlespace Emulator program intends to build a new breed of High Performance Computing capable of supporting advanced radio frequency for simulators. 

Leave a Reply

Your email address will not be published. Required fields are marked *