The IRS office tasked with constantly monitoring the agency’s networks for cyber-attacks and computer vulnerabilities is effectively performing most of its responsibilities for preventing, detecting, and responding to computer security incidents, the Treasury Inspector General for Tax Administration (TIGTA) has said.
However, J. Russell George, the Treasury Inspector General for Tax Administration, noted that further improvements could be made. He said, for example, that the Computer Security Incident Response Center (CSIRC) has a host-based intrusion detection system that is not monitoring 34 percent of IRS servers, putting the agency’s network and data at risk.
Further, the CSIRC is not reporting all computer security incidents to the Department of the Treasury, as required, and incident response policies, plans and procedures are either non-existent or are inaccurate and incomplete, according to TIGTA.
The IRS said corrective actions are planned or being implemented to address the following recommendations: direct the CSIRC to develop its cyber-security data warehouse capability to correlate and reconcile active servers connected to the IRS network with servers monitored by the host-based intrusion detection system; revise and expand an agreement with TIGTA to ensure all reportable and relevant security incidents are shared with the CSIRC; and collaborate with TIGTA to create common identifiers to help the CSIRC reconcile its incident tracking system with the IG, among other