IRS Slammed for Failing to Integrate Stronger Cybersecurity Measures

The rise of internet hackers has Americans more paranoid than ever about protecting their personal information. Anytime new cybersecurity software is introduced, it seems that someone has already figured out ways to breach it. So what is the Internal Revenue Service (IRS) doing to safeguard citizens’ financial information?

According to chairman of the Committee on Homeland Security, Sen. Ron Johnson (R-Wis.), the IRS isn’t doing enough.

On September 8, 2016 the Senator wrote an official letter to IRS Commissioner John Koskinen asking why the IRS has not fully integrated the EINSTEIN cybersecurity network despite the Federal Cybersecurity Enhancement Act of 2015.

The bill specifically ordered the Department of Homeland Security (DHS) along with its affiliated departments and agencies to implement EINSTEIN protection by December 18, 2016. Later, the bill was made part of the Cybersecurity Information Sharing Act (CISA) of 2015.

In his letter, Johnson outlined EINSTEIN’s two major cybersecurity functions. First, it discovers and stops cyberattacks from infiltrating government agencies. And secondly, it alerts the DHS to potential cybersecurity threats. Alerts that other agencies and private sector organizations can use to minimalize future risks.

Wouldn’t these functions prove extremely valuable to the IRS? If so, what is the IRS’s excuse for not complying with the CISA mandates? Basically, the IRS claims that other statutes allow the agency exemption from said mandates.

This rather frail excuse is particularly concerning in light of the highly publicized IRS data breach just last year. The breach occurred after hackers successfully manipulated the “Get Transcript” application, a program designed to enable users to access their tax histories online. As a result, the social security numbers and tax accounts of over 700,000 individuals were compromised, considerably increasing the likelihood of identity theft.

Johnson concluded his letter by requesting that the IRS prove to what extent it implemented the EINSTEIN program and its plan to further comply with CISA mandates.