IRS cybersecurity gets good marks

IG finds shortcomings with how bureau audits its Internet traffic

By Jason Miller
Executive Editor
FederalNewsRadio

The IRS is under a tremendous amount of pressure to protect citizen data. Only the Social Security Administration gets as much attention as the IRS for its interaction with the general public.

That is why a recent report from the Treasury Inspector General for Tax Administration shows just how much progress the IRS has made.

“The IRS fared pretty well,” says Jerry Dixon, a former IRS and Homeland Security Department cybersecurity official. “Like many of their previous audit reports over the last 5-10 years, they have showed steady improvements. The IRS is addressing information security issues.”

Dixon, who is now the director of analysis for information security research firm Team Cymru, says the IRS recognized how much personal information it stores and has taken steps to protect it.

“They are one of very few agencies going back eight years ago that established a 24/7 incident response team and tied it to a continuity of operations program,” Dixon says. “The team provides reports to senior leadership of current state of cybersecurity across the agency.”

Even the Treasury Inspector General for Tax Administration, Russell George, says the IRS has done a pretty good job. One area that George says the IRS does need to improve on is how they audit their Internet traffic logs.

“This audit found that their intrusion detection systems used at Internet gateways were deployed effectively and routers and firewalls were configured properly,” George says. “Their audit logs, however, were not adequately saved and reviewed.”

George compared that to a store having a security camera, but no one looking at the tape when a crime has occurred.

“If someone outside the system was attempting to breach it, there are other safeguards that will help prevent it from occurring,” George says. “But if you have an internal person trying to engage in malicious behavior, unless you are able to tell who accessed the information, when, and what information, you will not know what is going on. That is why audit logging is critical to detect hacking and other malicious attempts. It is imperative that this kind of proper management occurs.”

The report, issued in July but just posted to TIGTA’s Web site in December, found that the IRS should have someone other than the system administrator review the audit logs. This third party, which Dixon says could be someone else in the security organization, would look for inappropriate user or system actions and report those incidents.

The IRS also did not save the logs properly on two different servers.

Finally, the IRS did not coordinate the clocks of the firewalls and routers.

George says if these clocks are not coordinated, the IRS would have a harder time figuring out when exactly an incident occurred.

“This was a management decision not to do these things, whether it was an oversight issue or poor planning, it was not occurring,” George says.

According to George, the IRS agreed with all of the IG’s findings and has fixed or is fixing the problems.

Dixon adds that audit logging is common among agencies.

Dixon does warn, however, that there are some considerations agencies must make.

“It is easy to get information overload,” Dixon says. “Agencies have to fine tune what they are logging. They also must define good data retention policy. Do you keep logs for 90 days and then back up to tape and keep them for five years? These are things agencies must decide on.”

(Copyright 2008 by FederalNewsRadio.com. All Rights Reserved.)
