IRS Computer Security Incident Response Center needs improvement

The Internal Revenue Service’s Computer Security Incident Response Center is preventing some cybersecurity violations, but could use some improvements, according to a new report. The report, from the Treasury Inspector General for Tax Administration, noted that the CSIRC is responsible for preventing, detecting, reporting, and responding to cybersecurity incidents, such as computer related threats and attacks targeting the IRS’s technology assets. As the IRS holds tax information on all taxpayers, the agency presents an attractive target for hackers. But weaknesses in the CSIRC program could prevent the timely detection, prevention, or reporting of unauthorized access and disclosure of taxpayer data. In general, according to the report, the CSIRC prevented, detected, reported and responded to a number of cybersecurity incidents. TIGTA took a sampling of 100 incidents out of a total population of 368 incidents during fiscal years 2015 and 2016, through April 30, 2016. It found the CSIRC properly identified and documented the type, nature and scope of all 100 incidents, including the systems and applications affected, the source of the incident, and the specific kind of lost equipment. However, TIGTA found several areas in which the CSIRC could improve its operations. Read More