GAO Enfolds Security Lapse of IRS
In the second week of January 2008, the government auditors slammed the cybersecurity infrastructure of Internal Revenue Service (IRS). The reason for a shutdown of the service was revealed by them as the lack in showing a responsive behaviour by the agency towards the recommendations made earlier, that it is posing an increased risk of disclosing, destructing or modifying the confidential taxpayer data to an unauthorized user.
As per the Government Accountability Office (GAO), the IRS that collects tax and protects it to the core has completely failed to enforce strong passwords in protecting computer data and resources and in encrypting sensitive data. The GAO examined the data security measures of IRS by following the rules and norms required under the act of Federal Information Security Management. The act enforces chief elements required to build up an effective information security program.
The whole method of tax collection, processing return and enforcing the tax laws are performed through computerized systems by the IRS. Hence, the effective information security program helps in controlling and protecting the taxpayer's financial information from hackers, frauds, disclosure, and destruction.
According to the GAO, the IRS was able to fix only 29 out of 98 information security weaknesses, which were identified in the month of March last year (2007). The GAO revealed that around 60 employees were given the permission to access the commands so that they can make significant changes in the operating system at one IRS center. At two IRS data centers, the GAO revealed that the administrator was given the permission to access a key application containing unencrypted data log-ins, which helps in revealing the name and password of the user.
The GAO recently came out with its new report on that described one IRS data center that installed critical patches to server software in more than four months, as reported by PC World on January 8, 2008.
The Director of Information Security issues at GAO, Gregory Wilshusen, said that all these incidents have opened the IRS centers more to risk of unauthorized disclosure, tax payers' data modification and financial data destruction, reported FCW on January 8, 2008.
Related article: GIO’s Confidential Information Hacked and disclosed
» SPAMfighter News - 22-01-2008