GAO: IRS Modernization Program Still at Risk

The Internal Revenue Service's Business Systems Modernization program continues to experience information security control weaknesses, according to a Government Accountability Office report issued Wednesday.

Citing a recent audit by the Treasury Inspector General for Tax Administration, the GAO said the IRS deployed two critical systems with known security vulnerabilities relating to the protection of sensitive data, system access, monitoring of system access and disaster recovery. IRS identified those two systems as CADE Customer Account Data Engine and Accounts Management Services, which is aimed at furnishing applications for agency employees to access, validate and update accounts on demand.

GAO points out that the IRS continues to employ its high-priority initiatives program to address security challenges. And the GAO says the program improvement process continues to be an effective way to regularly assess, prioritize and incrementally address business systems modernizations challenges. Last September, IRS completed another cycle of high-priority initiatives and is working on a cycle that is scheduled to be completed this month.

"While actions to address our report findings and the high-priority initiatives help to improve IRS's security posture," writes David Powner, GAO director of information technology management issues, "the modernization environment will continue to be at risk until the agency completes these initiatives and addresses our report findings."

Microsoft Strategist Named to Senior DHS IT Security Post

Philip Reitinger, Microsoft's chief trustworthy infrastructure strategist was named Wednesday as deputy undersecretary of the National Protection Program Directorate at the Department of Homeland Security.

"Phil's background in cybersecurity and computer crime coupled with his experience working across the federal government and the private sector to develop innovative security strategies makes him an asset to our department," DHS Secretary Janet Napolitano said in a statement announcing Reitinger's appointment.

At Microsoft, Reitinger worked on programs aimed at protecting and securing the nation's critical IT infrastructure, allowing him to coordinate closely with the government and private companies on cybersecurity protection programs to build trustworthy computing systems worldwide.

Reitinger, as a member of the Federal Emergency Management Agency National Advisory Council, advises the FEMA administrator on aspects of cybersecurity related to emergency management. He previously served as the executive director of the Defense Cyber Crime Center, charged with providing electronic forensic services and supporting cyber investigations. Reitinger also served as deputy chief of the Computer Crime and Intellectual Property Division at the Justice Department.

Reitinger holds a law degree from Yale Law School and a bachelor's degree in electrical engineering and computer science from Vanderbilt University.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.