Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

IRS offers security assurances

From: InfoSec News <isn () C4I ORG>
Date: Wed, 21 Mar 2001 03:08:55 -0600
http://www.fcw.com/fcw/articles/2001/0319/web-irs-03-20-01.asp

BY Judi Hasson
03/20/2001

Despite a critical report revealing security gaps in the Internal
Revenue Services electronic filing system, the IRS is confident that
the problems have been fixed, and the system is being upgraded.

A report from the General Accounting Office last week stated that
government investigators were able to hack into the IRS computer
system last year and access Social Security numbers and other
sensitive information from electronically filed tax returns.

But IRS Commissioner Charles Rossotti, in a letter to GAO, assured
auditors that the tax agency has worked hard to fix the flaws in its
e-filing system.

Rossotti said that the IRS has increased its security program in the
past 10 months and improved its infrastructure. The IRS also is
working to create a better computer security incident reporting system
and better detection of intrusions, he said.

"To put it simply, taxpayers can feel safe and secure using e-filing
during the 2001 filing season. We have strengthened our systems
security, and we will remain vigilant to keep our e-filing process the
safest possible," Rossotti said.

GAO said its hackers were able to gain access because the IRS had not
used adequate password management practices or encryption technology
for online transactions.

Although Rossotti said the IRS had no evidence that real break-ins had
occurred, the GAO report said that the tax agency did not have the
right system in place to detect intrusions.

"The road to a secure e-filing system still has a lot of potholes in
it," said Pete Sepp, spokesman for the National Taxpayers Union, a
watchdog group.

"One of the reasons why e-tailers have had trouble attracting
customers is the fear of security. That translates doubly so to tax
filing. If you are concerned about turning over your credit card
number, imagine the fear over sensitive tax data being compromised,"
he said.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: