Africa

Americas

Asia

Europe

Oceania

Popular Topics

Topics

About

Policies

Our Network

More

by Constantine von Hoffman

IRS Cybersecurity Loopholes Lead to ID Theft

Opinion
Mar 21, 20122 mins
Data and Information SecurityEncryptionRegulation

For the sixth year in a row the agency failed to resolve known cybersecurity issues: installing critical software fixes, letting unauthorized people access accounting programs, not performing background checks on new hires and failing to make sure contractors had received proper security training.

If you thought you couldn’t like the Internal Revenue Service (IRS) any less, think again. For the past six years straight the IRS failed to install critical software fixes, let unauthorized people access accounting programs and didn’t make sure contractors had received proper security training.

IRS%20logo.gif
According to a report from the Government Accountability Office (GAO), last year the IRS corrected just 29 of 105 previously reported weaknesses, or less than one third of the issues. And 13 of those 29 fixes had been done improperly or incompletely, the GAO reports.

Specific failures include:

  • Lack of controls for identifying and authenticating users, including requirements for strong passwords
  • Access to certain servers not appropriately restricted
  • Sensitive data transmitted without encryption
  • Lax physical access controls

So it’s no surprise that last October the Treasury Inspector General for Tax Administration (TIGTA) said the top priority in its list of management challenges for the IRS this year was security of taxpayer data, including securing computer systems. That’s not to say no action was taken to address the problem; the action just wasn’t very thorough or effective. In addition to a partially-implemented IT security program, the IRS is also at risk due to known vulnerabilities from outdated and unsupported software, and shortcomings in system backups are placing data availability at risk, according to the GAO.

By the way, TIGTA put out a report Monday that said it was unable to confirm that 77 percent of the agency’s new hires had been subjected to required background checks. Yikes.

The IRS is currently five years overdue for complaince with a federal cybersecurity law that says agencies must have department-wide programs that, among other things, train personnel to comply with security policies and test technical protections. I wonder if there’s any sort of late fee or other penalty on that…

Don’t worry too much, though. In response to the report, the IRS agreed to develop a detailed corrective action plan to address the problems.

Show me more

brandpost Sponsored by Progress

Chef provides a powerful, automated way to ensure compliance in hybrid cloud environments

By Paul Desmond
4 mins
Cloud ComputingDevSecOps
Image
brandpost Sponsored by Hitachi Digital

A new spin on SDLC is solving a big problem in industrial AI

By Joe Mullich
6 mins
Artificial Intelligence
Image
opinion

Architecting the next decade: Enterprise architecture as a strategic force

By Vijay Joshi
8 mins
Edge ComputingEnterprise ArchitectureIT Strategy
Image
podcast

Stanford Healthcare taps AI to cut burnout, boost efficiency in patient responses

26 mins
CIO Leadership Live
Image
podcast

Weights & Biases: What it really takes to successfully adopt generative AI

32 mins
Generative AI
Image
podcast

Bentley Motors CIO Kirsty Mason on building the skills foundation for AI adoption

19 mins
CIO Leadership Live
Image
video

Stanford Healthcare taps AI to cut burnout, boost efficiency in patient responses

26 mins
CIO Leadership Live
Image
video

Sidero Labs' Omni makes Kubernetes cluster management effortless

12 mins
DevopsKubernetes
Image
video

Alitheon fights counterfeits with photo fingerprinting tech

14 mins
FraudMachine VisionManufacturing Industry
Image