Ask federal prognosticators what technology is going to fix
all the government’s problems and most often you’ll hear, “artificial
intelligence.” The Internal Revenue Service is curious whether that’s truly the
case when it comes to securing its internal systems.
The tax agency issued a request for information June 27 looking
for AI and machine learning cloud cybersecurity solutions.
The agency is looking for more than just a threat
intelligence platform, according to the request. The ideal software “automatically
and continuously learns the environment,” “triages alerts to reduce false
positives,” “identifies previously unknown threats,” and analyzes all that data
to provide actionable context for security officials.
The analytic machine learning tools should include
multiple, diverse behavioral modes, be able to support near real time and
streaming data sources, manage data from different technological sources—such
as operational technology, internet of things devices and industrial control
systems—and identify new threats without human intervention.
And the agency wants all this with an “intuitive and
flexible” user interface.
The IRS has had its share of security woes. Flaws
in the agency’s “Get Transcript” app allowed hackers to get information on
hundreds of thousands of taxpayers in 2015. An inspector
general audit released last week showed the agency’s response to the
crisis actually created more security vulnerabilities.
The IRS is also dealing with aging infrastructure, like the 60-year-old
system that crashed on Tax Day this year. It’s often difficult to add
new security to older systems, as legacy code doesn’t always integrate with
modern software. The RFI takes this into account in the “cloud questions”
section, which brings up legacy systems.
The cloud section of the RFI also includes several
questions on vendor lock-in and migrating between cloud providers.
The agency will use the market research gathered through this
RFI to build a future contract. Based on initial findings, contracting
officials expect the final request for proposals will ask for:
- Platform availability with actionable results within 48 hours.
- Guided tier 3/4 investigative services.
- 24/7 security operations center services.
- Cybersecurity evaluations and recommendations.
- Detailed investigation reports and prioritized lists of events for remediation delivered to customer operations center.
- Full cyber remediation services.
Original article from Next Gov.