Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

IRS needs better documentation for its cyber threat hunts, watchdog says

A new report noted that a lack of “established policies and procedures” could prevent the tax agency from meeting federal requirements.

An Internal Revenue Service watchdog released a new audit last week that highlights necessary changes for the agency’s current cyber threat analysis procedures, including more thorough threat hunt documentation and formal review processes for device and program blocks. 

Cyber threat hunting involved “proactively searching organizational systems, networks and infrastructure for advanced threats,” according to the report.

The Treasury Inspector General for Tax Administration examined the IRS’s current cyber threat hunting process, noting that a successful cyberattack on IRS systems could result in compromised tax data and possible national security fallout. 

“By not having established policies and procedures, the IRS risks its employees not meeting federal requirements for cyber threat hunting,” the report says. “As the nation’s tax agency, the Internal Revenue Service collects and stores substantial amounts of personally identifiable information, including all tax records for individuals and corporations.”

The audit also noted that documentation chronicling cyber hunts was insufficient and incomplete. It specified that 10% of a sample of 25 threat intelligence tickets issued internally lacked the necessary information regarding the hunt process and results.

This is partially due to the fact that the IRS’ desk guide — a series of instructions that describe procedures for analysts to follow when conducting cyber hunts — lacks specifics for documenting threat landscape reports.

“The desk guide does not specify what should be included, such as actions taken to address the potential threat,” the audit says. TIGTA officials noted that the IRS updated its desk guide during the audit process.

Ultimately, the report issued two recommendations for the IRS: update the Internal Revenue Manual with current best practices for threat hunts as issued by the National Institute of Standards and Technology, and develop and deploy a formal process to review and approve proposed device or program block removals.

In response to the audit, the IRS agreed that it needs to both update its formal manual with NIST best practices and that a formal procedure for removing category blocks that alter access to agency network destinations needs to be implemented. 

“Malicious cyber actors intent on disrupting U.S. government operations remain a persistent threat,” Jeffrey King, acting chief information officer at the IRS, said in a response letter. “The IRS has made significant progress in continuously adapting and adjusting its processes, procedures and capabilities.”

Source: https://www.nextgov.com/cybersecurity/2023/07/irs-needs-better-documentation-its-cyber-threat-hunts-watchdog-says/388790/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

A top Defense Department official described the private sector as “absolutely essential” in implementing the agency’s new cyber strategy. A top Defense Department official...

Business News

The U.S. government is taking aim at what has been an indomitable empire: Google’s ubiquitous search engine that has become the internet’s main gateway....

Business News

ANKARA, Turkey (AP) — A major rescue operation is underway in Turkey’s Taurus Mountains to bring out an American researcher who fell seriously ill...

Cyber Security

The agency is utilizing a relaunched cybersecurity coordination center and additional programs to significantly ramp up interactions with key partners, a top official said....

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO