Shows & Panels
Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- American Readiness: Renewable Power and Efficiency Technologies
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal News Radio's National Cyber Security Awareness Month Special Panel Discussion
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- Government Perspectives on Mobility and the Cloud
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mitigating Insider Threats in Virtual & Cloud Environments
- Modern Mission Critical Series
- The New Generation of Database
- Reimagining the Next Generation of Government
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
Monday - Friday, 4-7 p.m.
In Depth with Francis Rose features daily interviews with top government executives and contractors. Listen live from 4 to 7 p.m. or download his archived interviews below.
Delayed software updates leave IRS computers prone to hackers, auditors say
Thursday - 11/1/2012, 8:10pm EDT
Thousands of IRS computers could be prone to cyber intruders because officials aren't updating software in a timely manner, according to a report from the Treasury Inspector General for Tax Administration.
Because hackers often exploit glitches in existing software to gain access to systems, software manufacturers frequently release patches, or fixes, for these bugs once they've been discovered.
Large organizations, such as the IRS, employ a process called patch management to stay on top of when software needs to be updated and to install the patches.
While it sounds mundane, leaving software unpatched is one of the main avenues through which hackers access normally protected systems.
"Any significant delays in patching software with critical vulnerabilities provides ample opportunity for persistent attackers to gain control over the vulnerable computers and get access to the sensitive data they may contain, including taxpayer data," the TIGTA report stated.
However, IRS has long struggled to effectively implement a patch-management process, auditors wrote.
While IRS has made strides recently in automating software updates and staying cognizant of when patches are needed, shortcomings still plague those efforts, TIGTA said. For example, IRS has not yet completed an accurate inventory of its IT equipment and thus can't determine whether all systems have been patched.
The auditors recommended IRS complete its inventory of IT assets. More broadly, the IG called for "enterprise-level oversight and leadership," to enforce policies for ensuring software patches are implemented.
IRS agreed with most of the recommendations. It said it planned to update its patch management policy to be clearer about installation standards and deadlines. The revised policy also puts the cybersecurity division in charge of ensuring agencywide compliance.
The report, dated Sept. 25, was first publicly released Thursday.