IRS comes under fire for lagging to adopt cyber defenses

(iStock image)

The Internal Revenue Service is under fire for delaying to upgrade its network security with the tool used by the Department of Homeland Security to protect federal networks.

Senate Homeland Security Committee Chain Ron Johnson, R-Wis., said the IRS has shown an “unwillingness” to adopt the Einstein penetration-detection system, which was originally mandated by the Cybersecurity Act of 2015.

The Einstein platform — also known as E3A — has been pushed by the Obama administration in the fallout over the OPM hack. The tool is available to the entire federal government through DHS, and has been mandated by Congress to cover the entire .gov domain by the end of the year.

Johnson requests that the agency reports back to the committee by Sept. 14. The final deadline for Einstein implementation — as is stipulated under federal law for all federal departments and agencies — is not until Dec. 18.

“As you know, last year the IRS suffered a substantial breach. However, tDHS recently told my committee staff that the IRS is either unable or unwilling to implement the statutorily required mandates of integrating all levels of the Einstein network protection tools on the IRS systems and for all IRS data,” Johnson wrote in a letter Thursday.

Because of the valuable personal information of civilians held by the IRS and the agency’s collective history of data breaches, Johnson explained that he believes the absence of Einstein is “concerning.”

Sen. Johnson’s letters follows closely with the return of lawmakers to Capitol Hill for a brief session prior to the election. With a matter of months left before inauguration, federal funding looks to become a legislative focal point — with the National Defense Authorization Act, or NDAA, which governs the defense budget, also still in limbo.