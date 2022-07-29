PHOENIX (3TV/CBS 5) - A new government report reveals gaps in cybersecurity at the Internal Revenue Service. The Treasury Inspector General for Tax Administration (TIGTA) evaluated 20 metrics and determined only three were effective.

“The IRS is El Dorado for a hacker,” said Beau Friedlander, co-host of the podcast What the Hack. “It’s a massive organization. They received over 250 million tax returns last year. It’s a lot of information to herd and keep under control, and right now they’re not doing as good of job as they probably need to.”

TIGTA found that the IRS could improve on maintaining a comprehensive and accurate inventory of its information systems; tracking and reporting on an up-to-date inventory of hardware and software assets; maintaining secure configuration settings for its information systems; implementing flaw remediation and patching on a consistent and timely basis; and ensuring that security controls for protecting Personally Identifiable Information are fully implemented. The IRS needs to take further steps to improve its security program deficiencies and fully implement all security program components in compliance with FISMA requirements; otherwise, taxpayer data could be vulnerable to inappropriate and undetected use, modification, or disclosure.

Click here to read the full report.

“One of the ones that popped out at me was that updates and inventory on machines being used, software being used, were not being managed and measured regularly. That means that there could very well be unpatched software used. There could be machines that are unsecure,” Friedlander said. “We need to see this change quickly, and it can change quickly.”

In a statement to On Your Side, the IRS said the following:

The IRS operates a highly effective cybersecurity program that is comparable to what is provided by leaders in private industry. As stated in the report, ‘The IRS’s Cybersecurity Program was generally aligned with applicable FISMA requirements, Office of Management and Budget policy and guidance, and National Institute of Standards and Technology standards and guidelines.’ IRS also continues to make substantive and measurable progress on its cybersecurity program, which includes dedicated investments in personnel and state-of-the-art technology to proactively prevent, detect and mitigate cybersecurity risks. We look forward to continuing to improve the IRS’s already strong security posture going forward.

Copyright 2022 KTVK/KPHO. All rights reserved.