IRS comes under fire for lagging to adopt cyber defenses

The Internal Revenue Service, or IRS, is under fire for delaying to upgrade its network security with a tool that would help protect it from hackers.

(iStock image)

The Internal Revenue Service is under fire for delaying to upgrade its network security with the tool used by the Department of Homeland Security to protect federal networks.

Senate Homeland Security Committee Chain Ron Johnson, R-Wis., said the IRS has shown an “unwillingness” to adopt the Einstein penetration-detection system, which was originally mandated by the Cybersecurity Act of 2015.

The Einstein platform — also known as E3A — has been pushed by the Obama administration in the fallout over the OPM hack. The tool is available to the entire federal government through DHS, and has been mandated by Congress to cover the entire .gov domain by the end of the year.


Johnson requests that the agency reports back to the committee by Sept. 14. The final deadline for Einstein implementation — as is stipulated under federal law for all federal departments and agencies — is not until Dec. 18.

“As you know, last year the IRS suffered a substantial breach. However, tDHS recently told my committee staff that the IRS is either unable or unwilling to implement the statutorily required mandates of integrating all levels of the Einstein network protection tools on the IRS systems and for all IRS data,” Johnson wrote in a letter Thursday.

Because of the valuable personal information of civilians held by the IRS and the agency’s collective history of data breaches, Johnson explained that he believes the absence of Einstein is “concerning.”

Sen. Johnson’s letters follows closely with the return of lawmakers to Capitol Hill for a brief session prior to the election. With a matter of months left before inauguration, federal funding looks to become a legislative focal point — with the National Defense Authorization Act, or NDAA, which governs the defense budget, also still in limbo.

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

Latest Podcasts