The IRS and the Treasury Department have unveiled a strategic plan that includes goals to modernize infrastructure and improve cybersecurity in order to protect their systems.
The strategic plan, which sets out goals up to 2022, includes six areas of IRS operations that have been targeted for enhancements. These include improving tax compliance and interactions with IRS, collaborating with external partners, cultivating a flexible workforce, advancing data access, usability and analytics and driving forward efficient operations and a modern, secure infrastructure.
The cybersecurity part of the strategy is particularly pertinent after an audit of the IRS’s system in May, which highlighted a number of flaws, including high-risk vulnerabilities that were not identified in a timely manner. GAO Director of IT Management David Powner also cited IRS as one of the agencies that had privacy and security issues in his testimony to the House Oversight and Government Reform Subcommittee on Information Technology in May.
“Security deficiencies can threaten systems once they become operational,” Powner said. “As we previously reported, in order to counter security threats, 23 civilian Chief Financial Officers Act agencies spent a combined total of approximately $4 billion on IT security-related activities in fiscal year 2016. Even so, our cybersecurity work at federal agencies continues to highlight information security deficiencies.”
The strategic plan states that the IRS will update data collection and retrieval capabilities and processes to provide faster authorized access to information, improve analytical tools and data competencies across the IRS and emphasize the use of data analytics, in conjunction with qualitative information, to select high-priority work. These are all components of its plan to improve the way data is stored, used and analyzed as the IRS reveals that the data volume it deals with is 100 times greater than it was 10 years ago.
On the cybersecurity front, the components that form part of the strategic goal are modernizing and integrating technologies and systems that support secure, flexible and accurate work across IRS functions by investing in innovative technologies and the integration of systems. The plan also aims to enhance physical security through increased use of new technologies and standardized countermeasures and security policies, and adopt a proactive approach to implementing new offensive and defensive strategies to cyber threats.
The plan reveals that there were already 2.1 billion denied cyber access attempts on the system in 2016 and 2017. It also shows that over half of IRS hardware is aged as of this year, and bringing this total down is identified as one of the strategic plan’s measures of success.
On the subject of cyber risk, the plan says, “An increased reliance on technology creates the need for increased security, both physical and digital, to protect our employees and taxpayer information from threats. We understand our responsibility to safeguard taxpayer and IRS data, particularly given the growing incidence and sophistication of cyber and identity theft. We remain dedicated to maintaining the physical and digital security of our systems, enhancing internal controls, managing risk and upholding accountability across the agency.”
Read the full strategic plan here