Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

IRS Can't Update Servers Because It Can't Find Them

October 22, 2015

Now who could make up a title like that? Hat tip to Dave Ries for passing along this story from Nextgov.

The Internal Revenue Service was unable to transition 1,300 of its workstations from Microsoft Windows XP to Windows 7 because the agency couldn’t find them all, according to a report released by the Treasury Inspector General for Tax Administration.

The report describes IRS’ uneven attempt to upgrade 110,000 workstations before Microsoft discontinued technical support for the XP operating system. The report also noted several thousand servers are still running Windows Server 2003.

On the XP upgrade alone, the IRS has spent $128 million since 2011 and has budgeted another $11 million through fiscal 2015. The IG contends outdated workstations – in this case, several years outdated – pose “significant security risks to the IRS network and data, particularly in the environment where a chain is only as strong as its weakest link.”

Earlier this year, the IRS suffered a data breach that compromised 114,000 taxpayer accounts, and old workstations only increase the odds of further data breaches by hackers.

“Approximately 1,300 workstations have yet to be located or confirmed as running the old operating system,” the audit stated. “External hackers or malicious insiders need to locate only the one computer with security weaknesses, such as one with an outdated operating system, to exploit in order to steal data or further compromise other computers.”

“The IRS is only halfway through completing its upgrade of its Windows servers to an operating system that is already 7 years old,” the audit stated.

The IRS has approximately 3,000 Windows servers still running the 2003 operating system, while about 4,000 have been upgraded to the 2008 version. The IRS has been in the process of upgrading its existing servers to Windows Server 2012 – which has many additional security improvements, like two-factor authentication – but to date has not upgraded a single server with it.

“The IRS only recently, in March 2015, assigned a project manager over the migration to Windows Server 2012, and basic planning documents such as budget estimates and deployment schedules are still unsigned and incomplete,” the audit stated.

Wow. This gives a whole new dimension to the words "Shadow IT."

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson