An inspector general report has found security weaknesses and other issues with wireless networks at the IRS, echoing many of the same kinds of findings just days before by the counterpart office at the Interior Department.
While its investigation was not as extensive as that at Interior—where the IG at Interior was able to gain access to networks using common hacking techniques from employees using cell phones–the IG at the IRS found similar issues there, including that wireless access points “are broadcasting a wireless network signal beyond IRS-controlled space, which creates the potential risk of external entities detecting and attempting to access or hack the IRS through the wireless networks.”
Employees detected the wireless signal outside of the IRS-controlled space in 21 of the 28 locations visited. “In addition, multifunction printers are broadcasting a wireless signal, which violates IRS policy and creates a potential risk of signal interception and potential unauthorized access to the IRS’s internal network,”
It said that the agency is working on resolving 25 open security weaknesses, eight of which are beyond the scheduled correction due dates, one of which dates to February 2018.
Also as at Interior, the report found that the agency does not have a full and complete inventory of its wireless access points—of the 321 in the 28 locations, only 205 were fully accounted for—which “hinders the IRS’s ability to timely detect the loss or potential theft of the access points.”
Agencies Must Collaborate to Secure Networks, Council Says (January 2020)
DHS Issues Cyber Toolkit for Leaders (June 2020)
Cybersecurity Detail Opportunities Offered (April 2020)