Paul L. Caron
Dean


Thursday, October 15, 2015

TIGTA: 1,300 IRS Computers, 50% Of IRS Servers Are Running Outdated Operating Systems, Putting Taxpayer Data At Risk

Windows FinalSlate, IRS Hasn’t Finished Doing Windows Upgrades Because It Can’t Find a Bunch of Its Computers:

It's hard to muster the strength to talk about Windows XP anymore. In March 2014 it still held 30 percent of operating system marketshare, and now it's down to 12 percent, which shows improvement but is still not zero. Don't forget, XP is 14 years old. Organizations have encountered challenges as they work to eliminate XP from their networks, and (suprising no one) a recent audit shows that the Internal Revenue Service is struggling.

"Inadequate Early Oversight Led to Windows Upgrade Project Delays" is not a confidence-inspiring report title. And the findings of the audit are even more concerning. The IRS has spent $128 million in its attempt to upgrade all computers away from Windows XP and all servers away from Windows Server 2003. But when the Treasury Inspector General for Tax Administration, or TIGTA, conducted the audit between December 2014 and June 2015, about half of the agency's servers and more than 1,000 computers still had not been upgraded.

"At the conclusion of our fieldwork, the IRS had not accounted for the location or migration status of approximately 1,300 workstations and upgraded only about one-half of its Windows servers," the report explains. It's a diplomatic way of saying that a bunch of computers were missing, whether they were hiding in plain sight or in a black-market parts exchange somewhere.

Treasury Inspector General for Tax Administration, Inadequate Early Oversight Led to Windows Upgrade Project Delays (2015-20-073):

Operating systems are critical software on computers that serve as a foundation to allow all other programs, software, and applications to run on the computers.  When an operating system reaches its end of life, companies such as Microsoft stop supporting the operating system, which leaves the systems vulnerable to attack.  For the IRS, the use of outdated operating systems may expose taxpayer information to unauthorized disclosure, which can lead to identity theft.  Further, network disruptions and security breaches may prevent the IRS from performing vital taxpayer services, such as processing tax returns, issuing refunds, and answering taxpayer inquiries. ...

The IRS was unable to upgrade all of its Windows workstations from Windows XP and all of its Windows servers from Windows Server 2003 by the Microsoft end of life deadlines.  At the conclusion of our fieldwork, the IRS had not accounted for the location or migration status of approximately 1,300 workstations and upgraded only about one-half of its Windows servers from the 2003 software version to the 2008 release.  Since April 2011 when the IRS initially started the Windows workstation upgrade project, the IRS spent approximately $128 million to upgrade its Windows workstations and expects to spend an additional $11 million through the end of Fiscal Year 2015.  TIGTA found that the IRS did not follow established policies over project management and provided inadequate oversight and monitoring of the Windows XP upgrade early in its effort.

https://taxprof.typepad.com/taxprof_blog/2015/10/tigta-1300-irs-computers-are-still-running-windows-xp-50-of-irs-servers-are-running-windows-2003-put.html

IRS News, Tax | Permalink

Comments

Not to mention the IRS uses open code software, which even my two dogs could tell you is not a good idea.

Posted by: Dale Spradling | Oct 15, 2015 7:18:29 AM

Obama will blame Bush but only has himself to blame for short term vision. Machines are supposed to be upgraded prior to EOL(end of life). When a machine reaches EOL and is withdrawn from generally available maintenance, the parts to repair the machines also reach EOL and can become scarce if not extinct for old machines. Same goes for software. Companies will use newer more modern code and those older software versions become obsolute quickly. In the modern world, the federal government needs to be ahead of the curve, not behind it. It can become prohibitively more and more expensive the longer you wait or it takes to upgrade. I should know, I work for one of the biggies who provide service agreements.

Posted by: FEDup | Oct 15, 2015 4:37:17 PM

It is very possible that the IRS has the same problem that many businesses experience-ghost assets. Assets are often disposed of without an effective tracking method. It is very possible that a lot of these 1300 workstations have been disposed of and there is nothing to upgrade.

Posted by: gator | Oct 16, 2015 6:19:38 AM