Top officials at the IRS who oversee cyber security are exiting left and right as a result of slow bureaucracy.
In a hearing for the House Subcommittee on Research and Technology on Thursday, IRS Commissioner John Koskinen revealed that the official overseeing cyber security for the IRS departed “a few weeks ago,” adding:
“He was one of the people on streamlined critical pay and without the authorization, we are trying to fill that spot.”
In addition, IRS Chief Technology Officer Terence Millholland will be leaving the agency in the coming weeks “because of the expiration of streamlined critical pay.”
Streamlined Critical Pay is part of the IRS Restructuring and Reform Act of 1998, which authorized the agency to hire individuals with “extremely high-level expertise” in a number of different fields; however, those hires are limited to four years.
Because of their limited budgets, those salary ranges can fall short of private sector competition.
When Rep. Barbara Comstock (R-VA) asked “whether the cyber security leadership has left the building,” Koskinen insisted that the IRS has “people replacing them internally,” but Congress needs to reauthorize the hires of high-skilled information technology (IT) experts.
The IRS routinely loses potential candidates and IT personnel to the private sector, which stems from bureaucratic hiring processes, among other problems.
“We find good people in the private sector and say ‘if you’ll sit there for three to six months while we work you through the process, and fill out the applications, we’ll be able to hire you.’”
Employees already at the IRS are poached by private companies, adding to the stress of maintaining a ready and capable staff.
A spokesperson for the IRS did not respond to inquiry from Independent Journal Review as to the frequency at which cyber security personnel are poached by the private sector.
While the cyber security division of the IRS appears to have a rather fluid staff, according to Koskinen's testimony, it is not the result of insufficient funding.
Though the IRS has undergone a series of budget cuts in recent years, more than $200 million in IT alone, Koskinen maintained that it has not affected security operations.
“We’re down 15,000 people. We’ll be down 17,000 people over the last five years because of budget cuts. Cyber security staff — the IT staff in fact — has gone up somewhat.”
Koskinen also told the committee that in the wake of a massive data hack at the Office of Personnel Management, American taxpayer information is secure.
But Rep. Lamar Smith (R-TX), who chairs the House Committee on Science, Space, and Technology, insisted otherwise. Smith reference a GAO report released that showed only nine of the GAO's 28 previous recommendations for bolstering security, adding:
“The past year’s IRS breaches are especially troubling. Taxpayer data was fraudulently accessed, not through a forcible compromise of the computer systems, but by hackers who correctly answered security questions that should have only been answerable by the actual individual.”
The security problems in place for the IRS are vast but held at bay by the agency's thinly-stretched cyber security team. However, the members of Congress who questioned Koskinen want more to be done.
“As someone whose information was compromised in last year’s OPM hack, I assure you, more security is better than less,” Comstock said.