Lawmaker grouses about cybersecurity delays at IRS

Sen. Ron Johnson (R-Wis.), chairman of the Senate Homeland Security and Governmental Affairs Committee, doesn't think the IRS is getting on the Einstein cybersecurity bandwagon quickly enough.

In a Sept. 8 letter to IRS Commissioner John Koskinen, Johnson said the agency is resisting efforts to install the Einstein network security service offered by the Department of Homeland Security. The Federal Cybersecurity Enhancement Act, which was later incorporated into the Cybersecurity Information Sharing Act, sets a deadline of Dec. 18 for all agencies to have Einstein in place. Einstein is a perimeter monitor that examines traffic for malware, phishing scams and other potentially insecure content.

"DHS recently briefed committee staff that the IRS is either unable or unwilling to implement the statutorily required mandates of CISA of integrating all levels of the Einstein network protection tools on the IRS systems and for all IRS data," Johnson wrote. "According to DHS, the IRS believes, based on other statutes, that IRS is exempt from these statutory requirements."

Johnson said he finds the development especially concerning because of all the confidential data kept in IRS systems and in light of attempts by scammers to breach that data using the agency's public-facing applications.

He wants answers from the IRS no later than Sept. 14.