A recent audit found that the Internal Revenue Service (IRS) has cybersecurity deficiencies that are leaving taxpayer data open to misuse, tampering, or disclosure due in part to the agency’s over-reliance on older systems.
The IRS Restructuring and Reform Act of 1998 requires the Treasury Inspector General for Tax Administration (TIGTA) to annually assess and report on an evaluation of the adequacy and security of IRS information technology.
“The reliance on legacy systems and aged hardware and software, and its use of outdated programming languages, pose significant risks to the IRS’s ability to deliver its mission,” the latest audit notes.
Modernizing the IRS’s computer systems has been a persistent challenge for many years and will likely remain a challenge for the foreseeable future. The agency is working the problem through its IRS Integrated Modernization Business Plan, which provides a six-year roadmap for the necessary modernization of IRS systems and taxpayer services. Rollout of the plan is taking place in two separate three-year phases that began in Fiscal Year 2019.
Among other items, TIGTA found that most laptop and desktop computers the IRS provides employees are sanitized before disposal, but verifying that process and its effectiveness is difficult.
“Overall, the IRS needs to ensure that it continues to leverage viable technological advances as it modernizes its major business systems and improves its overall operational and security environments,” the audit report says.
The agency, the audit report adds, must improve its abilities to detect cyber events through continuous monitoring, and keep track of its hardware and software.