Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

What the Census Bureau Can Learn From the IRS About Detecting Cyberattacks

Inspectors general from Commerce and Treasury present a tale of two testing regimes.

In separate reports, agency watchdogs demonstrated the difference proper implementation of detection controls can make in limiting the impact of attempted cyber intrusions: one, a foiled ransomware attack against the Internal Revenue Service; the other, an internal penetration test of the Census Bureau’s resilience. 

IRS personnel told the Treasury Department’s Inspector General for Tax Administration, or TIGTA, that their centralized information security hub responded to—and neutralized—a ransomware attack it detected in May, according to a Nov. 23 report

The TIGTA report credited the successful detection and response to testing procedures that the IRS incorporated into its policies under guidelines from the National Institute of Standards and Technology and the Cybersecurity and Infrastructure Security Agency.  

Another inspector general report—from the Commerce Department—showed how incomplete implementation of similar policies can deliver starkly different results, in this case at the Census Bureau.

The Census Bureau is required “to record and monitor the activity on its network and to respond to alerts about potential security incidents,” but failed to do so, the Commerce IG wrote in a Nov. 22 report based on a covert penetration test it conducted from August 2021 to March of this year.

The Commerce IG conducted the test in reaction to a January 2020 attack on the Census Bureau in which outside malicious hackers successfully exploited security holes. During the more recent exercise, the Commerce IG’s “red team” was able to avoid detection while gaining access to personally identifiable information, or PII, stored by the Census Bureau. 

The Commerce IG suggested the agency establish “a process to periodically test and inspect Bureau websites and web applications for vulnerabilities and susceptibility of malicious input,” along with other recommendations, all of which the Census Bureau concurred with.

In contrast, the Treasury’s IG had no recommendations for the IRS. That report described an active and comprehensive system for responding to indicators of malicious behavior at the IRS’ Computer Security Incident Response Center.

“The CSIRC provides daily operational coverage for monitoring and analysis for intrusion attempts or anomalous activity,” the IG wrote, noting reports “are assessed to determine the nature and severity of events to formulate a prompt response for containment and eradication, thereby minimizing impact. Reported incidents are documented within the CSIRC centralized Incident Tracking System and further triaged to determine the validity, severity, and impact of the event.”

In the case of the May ransomware incident, CSIRC personnel found patterns in their analysis of web browsing logs that suggested the presence of ransomware and were able to locate and pull the implicated device from the network, according to the report.

Commerce’s IG, on the other hand, “found that even though the malicious activity was mostly captured in logs … The [Census] Bureau had not configured its security tools to generate alerts on these specific indicators of attacks and activities,” allowing the red teamers to go undetected. 

The Commerce IG made 10 recommendations for the Census Bureau, including that it, “Develop alerts that align with common detection methods for known attacks and periodically verify that these detection methods remain current and effective [and] … Update logging configuration requirements to collect information necessary for reporting breaches related to sensitive PII.”

Copyright 2021 Associated Press. All rights reserved.

Source: https://www.nextgov.com/cybersecurity/2022/11/what-census-bureau-can-learn-irs-about-detecting-cyberattacks/380217/

Advertisement. Scroll to continue reading.
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

A top Defense Department official described the private sector as “absolutely essential” in implementing the agency’s new cyber strategy. A top Defense Department official...

Cyber Security

The agency is utilizing a relaunched cybersecurity coordination center and additional programs to significantly ramp up interactions with key partners, a top official said....

Cyber Security

The nation’s cyber defense agency is building onto White House efforts to secure schools’ systems nationwide with the help of major education software companies....

Cyber Security

Despite recent improvements, a watchdog report claims the agency still has more it can do to make threat-sharing policies more effective. Though the Federal...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO