While the Internal Revenue Service (IRS) has taken grief over the years for aspects of its IT capabilities and is embarking on a new modernization campaign, a new agency inspector general report brings some good news about one aspect of the IRS’ cybersecurity defenses: ransomware.
According to a Nov. 23 report from the Treasury Inspector General for Tax Administration (TIGTA), the IRS has done an overall good job with “effectiveness of controls to respond to and recover from malware (ransomware) attacks.”
“TIGTA reviewed IRS policies and procedures related to Incident Response Plan requirements and determined they were generally consistent with National Institute of Standards and Technology guidance,” the IG report says.
“IRS officials state there have been no successful ransomware attacks against the IRS prior to June 2022,” the report says.
The publicly available IG report does state that the IRS reported one unsuccessful attack against the agency, although some of the information about it was redacted from the report. The attack was identified by the IRS’s Computer Security Incident Response Center (CSIRC), and the proper precautions were taken, the report says.
“CSIRC personnel analyzed the website browsing log and identified website traffic patterns consistent with ransomware, and then removed the computer from the network,” the IG said. “We compared the details of this incident response report against current policies and procedures and determined that the CSIRC took appropriate actions to resolve the incident.”
According to the report, TIGTA's examination consisted of the following steps:
- Reviewed Federal government and IRS requirements for an incident response plan, an alternate storage site, and information system backup controls;
- Determined whether the controls for incident response related to malware, specifically ransomware, were effective by comparing the details of one incident response report against IRS policies and procedures;
- Determined whether the alternate storage site and information system backup controls of systems potentially affected by malware, specifically ransomware attacks, were effective by interviewing IRS management and personnel and reviewing ISCP testing results from July 1, 2021, through June 30, 2022; and
- Determined whether the system owner(s) created a Plan of Action and Milestones to address any deficiencies identified during ISCP testing.