Auditors: IRS should scan servers weekly

The Internal Revenue Service should scan all its computer servers each week to protect against malicious code and software attacks, the Treasury Inspector General for Tax Administration (TIGTA) said in a report released today.

The IRS generally has adequate security controls to prevent and respond to malware attacks and has taken steps to protect its computer systems and taxpayer data from the increasing threat of hackers, TIGTA also said.

The IRS uses automated antivirus software to scan its employee workstations on a weekly basis, but the service did not consistently schedule antivirus scans for servers, the report said. About 89 percent of servers were scanned weekly, with the remaining servers scanned less frequently or not at all, according to the report.

 The IRS’ Cybersecurity Computer Security Incident Response Center responded to 961 malware incidents in calendar year 2008, an increase of 45 percent over the prior year, Michael Phillips, the deputy inspector general for audit, said in the report.

“The introduction of malware on servers is particularly risky because many users access them [servers], making the spread of the malware to other computer systems more likely,” he said.

In addition to scheduling automatic scans of antivirus software on servers, the IRS should make sure that its administrators do not use their IRS accounts to access the Internet, the report noted. The service also should notify employees and their managers when their activity results in a successful malicious code incident, “particularly when the activity is a violation of IRS policy, TIGTA said. The IRS should update employee security awareness training to include the use of portable and removable devices among the common ways in which users can introduce malicious code to the network and its potential effects, the report stated.

Terence Milholland, IRS’ chief technology officer, said in response the service would begin to scan all servers weekly by May 1 and implement regular reminders on Internet access restrictions by Aug. 1. The IRS would start notifying employees and their managers when their activity results in a malware incident, he said.

The report is at

About the Author

Mary Mosquera is a reporter for Federal Computer Week.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.