Auditors: IRS should scan servers weekly

The Internal Revenue Service should scan all its computer servers each week to protect against malicious code and software attacks, the Treasury Inspector General for Tax Administration (TIGTA) said in a report released today.

The IRS generally has adequate security controls to prevent and respond to malware attacks and has taken steps to protect its computer systems and taxpayer data from the increasing threat of hackers, TIGTA also said.

The IRS uses automated antivirus software to scan its employee workstations on a weekly basis, but the service did not consistently schedule antivirus scans for servers, the report said. About 89 percent of servers were scanned weekly, with the remaining servers scanned less frequently or not at all, according to the report.

 The IRS’ Cybersecurity Computer Security Incident Response Center responded to 961 malware incidents in calendar year 2008, an increase of 45 percent over the prior year, Michael Phillips, the deputy inspector general for audit, said in the report.

“The introduction of malware on servers is particularly risky because many users access them [servers], making the spread of the malware to other computer systems more likely,” he said.

In addition to scheduling automatic scans of antivirus software on servers, the IRS should make sure that its administrators do not use their IRS accounts to access the Internet, the report noted. The service also should notify employees and their managers when their activity results in a successful malicious code incident, “particularly when the activity is a violation of IRS policy, TIGTA said. The IRS should update employee security awareness training to include the use of portable and removable devices among the common ways in which users can introduce malicious code to the network and its potential effects, the report stated.

Terence Milholland, IRS’ chief technology officer, said in response the service would begin to scan all servers weekly by May 1 and implement regular reminders on Internet access restrictions by Aug. 1. The IRS would start notifying employees and their managers when their activity results in a malware incident, he said.

The report is at

About the Author

Mary Mosquera is a reporter for Federal Computer Week.


  • Workforce
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    Esper says he didn't seek the authority to gut DOD unions

    Defense Secretary Mark Esper told lawmakers he was waiting for a staff analysis of a recent presidential memo before deciding whether to leverage new authority.

    pentagon cloud

    Court orders temporary block on JEDI

    JEDI, the Defense Department’s multi-billion-dollar cloud procurement, is officially on hold, according to a federal court announcement Feb. 13.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.