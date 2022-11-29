While the Internal Revenue Service (IRS) has taken grief over the years for aspects of its IT capabilities and is embarking on a new modernization campaign, a new agency inspector general report is coming in with some good news about one aspect of the IRS’ cybersecurity defenses: ransomware.

According to a Nov. 23 report from the Treasury Inspector General for Tax Administration (TIGTA), the IRS has done an overall good job with “effectiveness of controls to respond to and recover from malware (ransomware) attacks.”

“TIGTA reviewed IRS policies and procedures related to Incident Response Plan requirements and determined they were generally consistent with National Institute of Standards and Technology guidance,” the IG report says.

“IRS officials state there have been no successful ransomware attacks against the IRS prior to June 2022,” the report says.

The publicly available IG report does state that IRS reported one unsuccessful attack against the agency, although some of the information about that was redacted from the report. The attack was identified by the IRS’s Computer Security Incident Response Center (CSIRC) and the proper precautions were taken, the report says.

“CSIRC personnel analyzed the website browsing log and identified website traffic patterns consistent with ransomware, and then removed the computer from the network,” the IG said. “We compared the details of this incident response report against current policies and procedures and determined that the CSIRC took appropriate actions to resolve the incident.”

The report covers an examination of the following points: