CyberWisdom Safe Harbor Commentary on IRS computer crash:
Based on public information so far, we have no reason to believe that a computer crash that caused the tax deadline of the IRS to delay the submission deadline is a job for hackers, foreign or domestic hackers.
Even so, we can identify some valuable things for those of us who deal with government cybersecurity issues.
First, crashed systems rely on so-called assembly language programming. This is the technology used to communicate directly with computer hardware in the 1950s. The smart person who programs a computer today is unlikely to encounter it or even know it. A programmer used assembly language shortly after leaving the university in 1960 and may be at least 80 years old.
This is a fact. Large IRS mainframes in Massachusetts are less likely to be attacked by older hackers familiar with assembly language and are ready to enter its guts and cause trouble. Today’s computer networks use several generations of more advanced languages and are more likely to be attacked by grandchildren of the assembly language generation.
For the IRS, I think there is a security here.
The IRS did not modernize its computers because they had worked. (Most days, at least not on the tax date). Getting the updated modern machine, all the political, budgeting, bidding, installation, and custom programming required may take longer than the IRS computer scientist’s career. The inflexibility of planning and procurement systems has caused government technicians to frustrate and increase unnecessary costs, depriving all of us of the benefits of technology. (The Federal Aviation Administration, which began planning its NextGen air traffic management system in 2003, now sees some of its benefits and is expected to be fully implemented by 2025.)
For those of us who deal with cybersecurity, this schedule is clearly unacceptable. We and our government and corporate customers are facing many threats, so we can modernize ourselves so much that humans cannot keep up with the status quo. Seventeen threats? You have a slow minute. You need very good network security technology.
Our most modern network security tools use artificial intelligence to monitor threats within the computer network, rank them according to threat levels, and process them. Obviously, advanced technologies like this cannot be planned and installed within ten years. Even the time required to bid on a known system is too long. This means that individual managers within the government must be able to use their expertise and promise to buy the products they need now and put them to use quickly. Can Congress have this flexibility with its micromanagement history? Will the government manager be in trouble due to lack of budget, how to solve the problem and disband it now (reduction of the budget after approval), whether he dares to buy?
Government security managers are part of the problem. We do not have enough manpower at all. The government’s Ice Age civil service system makes it difficult to hire the best candidates before they are snapped up by the private sector. I know this because I did it. I may be the CEO, but I want to sign a candidate that I know to jump on the plane and will soon complete the recruitment. In contrast, government managers must warn candidates of delays, submit several long forms to fill in, wait for the implementation of long-term security review procedures, and hope that candidates will remain there and receive the job within a few months. Usually, the answer is no.
We are all very happy that the hackers are obviously not involved in the IRS crash. Unfortunately, their daily threats to the entire government organization and (or not) the way government works will make their job easier.
Based on what’s public information so far, we have no reason to believe that the Tax Day computer crash which prompted the Internal Revenue Service to delay its filing deadline was the work of hackers, foreign or domestic. Even so, we can identify a few things of value to those of us dealing with cybersecurity in government. There’s safety in that fact. The big IRS mainframes in Martinsburg, W.Va., are unlikely to come under attack by a crew of geriatric hackers who know Assembly Language and are ready to get into the guts of it and cause trouble. Today’s computer networks use languages several generations more advanced and are more likely to be attacked by the grandchildren of the Assembly Language generation. For the IRS, there’s safety of a sort in that, I suppose. The IRS had not modernized its computers because they had worked. (Most days, at least. Just not on Tax Day.) Getting newer, modern machines, with all of the politicking, budgeting, bidding, installation and custom programming required could take longer than the professional lifetime of an IRS computer scientist. Engaging post, Read More…
thumbnail courtesy of thehill.com
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post »