Auditors: IRS should scan servers weekly
The IRS should scan all servers often to protect against malicious code and software attacks, IG recommends.
The Internal Revenue Service should scan all its computer servers each week to protect against malicious code and software attacks, the Treasury Inspector General for Tax Administration (TIGTA) said in a report released today.
The IRS generally has adequate security controls to prevent and respond to malware attacks and has taken steps to protect its computer systems and taxpayer data from the increasing threat of hackers, TIGTA also said.
The IRS uses automated antivirus software to scan its employee workstations on a weekly basis, but the service did not consistently schedule antivirus scans for servers, the report said. About 89 percent of servers were scanned weekly, with the remaining servers scanned less frequently or not at all, according to the report.
The IRS’ Cybersecurity Computer Security Incident Response Center responded to 961 malware incidents in calendar year 2008, an increase of 45 percent over the prior year, Michael Phillips, the deputy inspector general for audit, said in the report.
“The introduction of malware on servers is particularly risky because many users access them [servers], making the spread of the malware to other computer systems more likely,” he said.
In addition to scheduling automatic scans of antivirus software on servers, the IRS should make sure that its administrators do not use their IRS accounts to access the Internet, the report noted. The service also should notify employees and their managers when their activity results in a successful malicious code incident, “particularly when the activity is a violation of IRS policy, TIGTA said. The IRS should update employee security awareness training to include the use of portable and removable devices among the common ways in which users can introduce malicious code to the network and its potential effects, the report stated.
Terence Milholland, IRS’ chief technology officer, said in response the service would begin to scan all servers weekly by May 1 and implement regular reminders on Internet access restrictions by Aug. 1. The IRS would start notifying employees and their managers when their activity results in a malware incident, he said.
The report is at http://www.treas.gov/tigta/auditreports/2009reports/200920045fr.pdf
NEXT STORY: Auditors: FEMA acquisition files are a mess