Perhaps you remember the ‘Get Transcript’ Internal Revenue Service (IRS) hack of 2015, when bad actors gained network access to some 700,000 U.S. taxpayer accounts. That wasn't very comforting to learn, particularly when the number of compromised records kept climbing.
Or, maybe you knew that last September, the Treasury Inspector General for Tax Administration (TIGTA) sharply criticized the IRS’s cybersecurity program, pointing to needed fixes in continuous monitoring, configuration management, and identity and access management, among others.
Not surprisingly, TIGTA, for the sixth consecutive year, called taxpayer data security and privacy the “number one management and performance challenge” facing the IRS, pointing out that “much work remains.”
ISA Cybersecurity Spending, Budget: Showing Progress?
Less than a year later, however, things may be looking up. Based on a newly released TIGTA audit, the IRS tracked, monitored and property spent $106.4 million in federal funds earmarked for cybersecurity and identity theft enhancements.
In other words, the money has gone toward fixing what needed fixing -- network security improvements, more effective monitoring of data traffic, replacement of outdated equipment, and protection of taxpayer data from unauthorized access by identity thieves.
The $106.4 million is a portion of the $290 million Congress designated for the IRS to improve customer service, cybersecurity, and to prevent identity theft and fraud. The IRS allocated $91.8 million to protect taxpayer data and $14.6 million aimed at programs to combat identity theft, in a collaboration with tax preparers, software developers, payroll and tax financial product processors and State tax administrators.
Funding also backed a web-based authentication application, enabling taxpayers to provide proof of identity and increase the efficiency of case resolution of the IRS's Taxpayer Protection Program.
Some $71.7 million of the funded was directed at FY 2016 with the remaining $20.1 set aside for FY 2017.
IRS Cybersecurity Audit: A Look at the Math
At the granular level, the IRS passed this test: TIGTA said it examined supporting contracts and invoices for 48 requisitions across nine cybersecurity funding categories and determined that the dates, description of work, and dollar amounts were adequately supported and correctly assigned to the appropriated funding account.
And this one as well: TIGTA determined that the 20 requisitions related to the Actions From the Security Summit and the Get Transcript Relaunch and Analytics obligated for identity theft were adequately supported and included transaction dates, description of work, and dollar amounts and correctly identified the appropriated funding account.
The House’s FY 2018 appropriations bill calls for a $149 million cut to the IRS budget from FY 2017 levels. However, the legislation would provide more money, some $211 million, to strengthen the agency’s cybersecurity profile.