Now who could make up a title like that? Hat tip to Dave Ries for passing along this story from Nextgov.
The Internal Revenue Service was unable to transition 1,300 of its workstations from Microsoft Windows XP to Windows 7 because the agency couldn’t find them all, according to a report released by the Treasury Inspector General for Tax Administration.
The report describes IRS’ uneven attempt to upgrade 110,000 workstations before Microsoft discontinued technical support for the XP operating system. The report also noted several thousand servers are still running Windows Server 2003.
On the XP upgrade alone, the IRS has spent $128 million since 2011 and has budgeted another $11 million through fiscal 2015. The IG contends outdated workstations – in this case, several years outdated – pose “significant security risks to the IRS network and data, particularly in the environment where a chain is only as strong as its weakest link.”
Earlier this year, the IRS suffered a data breach that compromised 114,000 taxpayer accounts, and old workstations only increase the odds of further data breaches by hackers.
“Approximately 1,300 workstations have yet to be located or confirmed as running the old operating system,” the audit stated. “External hackers or malicious insiders need to locate only the one computer with security weaknesses, such as one with an outdated operating system, to exploit in order to steal data or further compromise other computers.” “The IRS is only halfway through completing its upgrade of its Windows servers to an operating system that is already 7 years old,” the audit stated.
The IRS has approximately 3,000 Windows servers still running the 2003 operating system, while about 4,000 have been upgraded to the 2008 version. The IRS has been in the process of upgrading its existing servers to Windows Server 2012 – which has many additional security improvements, like two-factor authentication – but to date has not upgraded a single server with it.
“The IRS only recently, in March 2015, assigned a project manager over the migration to Windows Server 2012, and basic planning documents such as budget estimates and deployment schedules are still unsigned and incomplete,” the audit stated.
Wow. This gives a whole new dimension to the words "Shadow IT."
E-mail: firstname.lastname@example.org Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology