IRS servers in need of hebdomadal malware scans

A report released last week by the Treasury Inspector General for Tax Administration (TIGTA) after a year-long audit states that servers at the Internal Revenue Service are in need of hebdomadal malware scans, after the agency's Cybersecurity Computer Security Incident Response Center noted a 45% increase in malware infections between 2007 and 2008.

Michael Phillips, deputy inspector general for audit at TIGTA, issued four recommendations for the IRS, all in line with statutory requirements that the agency get a good look from auditors on a regular basis.

In addition to the malware recommendation, the report recommended that administrators be banned from using their privileged accounts to access the Internet; update IRS employee training to mention that thumbdrives and other portable storage can infect machines; and -- this ought to be popular around the office -- notify managers and employees when something they've done results in an IRS malware infection, particularly when the action violates IRS usage policies.

Overall, the report was positive about the IRS's progress in toughening up its security. Auditors found that the agency has made progress in getting and keeping its malware protections current on workstations, with 96% of its client machines updated within two days of a new virus-signature release. But not all the servers are automatically updated, which leads to some nasty lags in protection.

Hebdomadal -- great word, isn't it? -- means weekly (from the Greek, literally "every seven rotations"). The IRS already scans about 89% of their servers weekly, and in a response to the TIGTA report (PDF available here) IRS CTO Terrence Milholland agreed with the findings and said that all servers would be on a weekly automated scan schedule by May 1. Training changes will be in place by August 1, and public floggings notification of personnel when they've gotten a machine infected will commence April 1.