Senator pushes IRS on cybersecurity
A Senate committee chairman is questioning the Internal Revenue Service on its “apparent reluctance” to implement a data security system “in the wake of recent, high-profile cyberattacks against the IRS.”
In a letter to IRS Commissioner John Koskinen, Sen. Ron Johnson (R-Wis.), chairman of the Committee on Homeland Security and Governmental Affairs, said, “The IRS’s refusal to adopt the EINSTEIN system is very concerning due to the vast amounts of personal data stored by the agency, as well as its recent security breaches. As you know, last year the IRS suffered a substantial breach. However, the DHS recently told my committee staff that the IRS is either unable or unwilling to implement the statutorily required mandates of integrating all levels of the EINSTEIN network protection tools on the IRS systems and for all IRS data.”
The letter describes EINSTEIN as a “government-wide intrusion detection and prevention system” provided by the Department of Homeland Security.
A law co-sponsored by Johnson requires federal agencies to implement the system by Dec. 18. Johnson said IRS thinks other statutes exempt the agency from that requirement.
An IRS statement said it “continues to focus on cybersecurity and protecting taxpayer data. This remains a priority area even as the IRS budget has declined by $900 million since 2010.
“The IRS has been a supporter of EINSTEIN since 2007, including implementing” the first two EINSTEIN steps,” [the] IRS said. “As a next step in hardening our network and detecting and preventing malicious traffic, the IRS will put in place EINSTEIN 3…and is on track to implement before the Dec. 18, 2016 mandated date.”
Despite that, Johnson accused the agency of refusing to adopt the program.
“The refusal to adopt EINSTEIN protections is all the more concerning due to the vast amounts of personally identifiable information that the IRS collects on every American, as well as the previous failure to protect this information,” Johnson wrote.
He cited an inspector general’s report that found “unauthorized users were successful in accessing and obtaining transcripts for 355,262 taxpayers.”
Johnson asked Koskinen to provide an EINSTEIN implementation schedule by Wednesday.
This article was written by Joe Davidson | Columnist from The Washington Post and was legally licensed through the NewsCred publisher network.
Online Degrees & Certificates In Cybersecurity
American Military University's online cybersecurity programs integrate multiple disciplines to ensure you gain the critical skills and management practices needed to effectively lead cybersecurity missions – from government or private industry. Learn from the leader. American Military University is part of American Public University System, which has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in Cyber Defense Education.