The tax agency wants to know if AI and machine learning are mature enough to secure its systems from cyberattacks.
Ask federal prognosticators what technology is going to fix all the government’s problems and most often you’ll hear, “artificial intelligence.” The Internal Revenue Service is curious whether that’s truly the case when it comes to securing its internal systems.
The tax agency issued a request for information June 27 looking for AI and machine learning cloud cybersecurity solutions.
The agency is looking for more than just a threat intelligence platform, according to the request. The ideal software “automatically and continuously learns the environment,” “triages alerts to reduce false positives,” “identifies previously unknown threats,” and analyzes all that data to provide actionable context for security officials.
The analytic machine learning tools should include multiple, diverse behavioral modes, be able to support near real time and streaming data sources, manage data from different technological sources—such as operational technology, internet of things devices and industrial control systems—and identify new threats without human intervention.
And the agency wants all this with an “intuitive and flexible” user interface.
The IRS has had its share of security woes. Flaws in the agency’s “Get Transcript” app allowed hackers to get information on hundreds of thousands of taxpayers in 2015. An inspector general audit released last week showed the agency’s response to the crisis actually created more security vulnerabilities.
The IRS is also dealing with aging infrastructure, like the 60-year-old system that crashed on Tax Day this year. It’s often difficult to add new security to older systems, as legacy code doesn’t always integrate with modern software. The RFI takes this into account in the “cloud questions” section, which brings up legacy systems.
The cloud section of the RFI also includes several questions on vendor lock-in and migrating between cloud providers.
The agency will use the market research gathered through this RFI to build a future contract. Based on initial findings, contracting officials expect the final request for proposals will ask for:
- Platform availability with actionable results within 48 hours.
- Guided tier 3/4 investigative services.
- 24/7 security operations center services.
- Cybersecurity evaluations and recommendations.
- Detailed investigation reports and prioritized lists of events for remediation delivered to the customer operations center.
- Full cyber remediation services.
Responses to the RFI are due by July 26.