Rick Therrien, director of cybersecurity operations at the Internal Revenue Service, said the IRS has made progress in collecting audit logs and has begun automating its cybersecurity response playbooks by merging log data with its security orchestration, automation and response platform, Federal News Network reported Thursday.
“We’ve taken a number of manual playbooks in the past year, and we’ve provided automation to those through our SOAR platform,” Therrien said during a Nov. 16 webinar.
“You have to have the data, but then what’s your response to that data, and being able to do that in a repeatable way, and also being able to do it at the scale of a large enterprise,” he added.
Therrien noted that the IRS has made strides in zero trust adoption, particularly in multifactor authentication, and that over 22 million taxpayers have started using ID.me’s identity service to create IRS accounts online.
“And then internally for everyone who has access to IRS systems, we had them on multifactor authentication for a number of years, but the lift of converting the legacy systems to multifactor is something that we’ve made tremendous strides in the last 12 months,” he said.
The IRS cybersecurity chief talked about the Department of the Treasury’s PROviding Treasury Enterprise Cybersecurity Technology and Services program, also known as PROTECTS, and the IRS’ plan to perform a tabletop exercise on artificial intelligence threats in fiscal year 2024.