The IRS is paying a premium to support 3,000 servers running outdated Microsoft software – the latest in a series of failures by the agency to properly manage its IT footprint. Until recently, some of those failures placed taxpayer information at risk.

According to a new report from Treasury Inspector General for Tax Administration, the servers continue to run Windows Server 2003. Microsoft ended extended support for the server version in July 2015 but made an exception for the IRS – in exchange for a premium cost. The delay comes despite more than $128 million in software upgrades made by IRS during the past four years to get their IT house in order.

"Upgrading to the new Microsoft workstation and server operating systems is critical because older versions are not supported and regularly patched for security flaws, which makes them more vulnerable to hacking," noted the report, which was conducted as part of TIGTA’s Fiscal Year 2015 Annual Audit Plan. The IRS was hampered by the daunting task of updating 110,000 workstations around the country.

The inspector general reported that 3,000 IRS servers are still operating on Windows 2003 while another 4,100 have been upgraded to Windows 2008. Not a single IRS server was operating on Windows 2012, as testing for the upgrade had only begun in June.

IRS officials assigned a project manager for the server upgrade in March, but TIGTA said "basic planning documents such as budget estimates and deployment schedules are still unsigned and incomplete."

When such massive upgrades are required, the process is often managed by an executive steering committee, which ensures that the upgrades meet information technology and fiscal standards, sets project milestones and allows for adjustment to schedule. But the report said that IRS Chief Technology Officer Terry Milholland decided to personally handle the IT infrastructure upgrade in July 2012 to combat delays.

Delays continued, in part because the IRS identified 6,000 applications running on the XP software that had to be assessed for compatibility with Windows 7. The report also noted that budgetary constraints required officials to update old computers, rather than replace them with new ones that already ran on Windows 7.

IRS reported to TIGTA that in December 2014, all workstations were officially upgraded, eight months after Microsoft ended support to Windows XP. But officials later identified 1,300 computers still operating on the old software, according to inventory records. IRS couldn't confirm, or find, the machines due to inaccuracies in the inventory system, but later provided documentation that the remaining workstations were upgraded.

Any gap in software support could prevent an agency from detecting or mitigating data breaches, increasing the risk of hacking attempts and data loss or corruption due to malware. "When the IRS's data and network are not secured, taxpayer information becomes vulnerable to unauthorized disclosure, which can lead to identity theft," the reported noted.

The inspector general recommended the IRS track and upgrade all of its computers. IRS officials concurred with the recommendation.

Share:
In Other News
Load More