The IRS may not be the first agency one thinks of when it comes to forward-looking technology. Indeed, the Trump administration’s pick to lead the agency told lawmakers at his confirmation hearing in late June that modernizing the IRS IT system and bringing it into the 21st century is one of his top goals.
The IRS is trying to get there. The day before Charles Rettig’s appearance before Congress, the tax collection agency issued a request for information, noting that its cybersecurity division wants to explore the potential of an artificial intelligence and machine-based analytical platform to “proactively detect and respond to cyber- and insider-related threats.” Further, the RFI seeks information on a cloud-based Big Data platform as part of this technology effort.
Specifically, the AI platform will need to support local settings for specific needs and global settings capable of sharing attack sequences between environments. The platform will also need to automatically and continuously learn environments to improve accuracy, triage alerts “to reduce false positives to parts-per-billion events,” identify and track new threats and entities, analyze data and provide context for the alerts and cases used in investigations.
The IRS will gather information from industry and academia, and it will use the results to assess ongoing industry efforts within the identified focus areas. The findings will also help to shape the agency’s path forward for “potential acquisitions to include determination of contractual mechanisms to potentially pursue capabilities.” Submissions for the RFI are due by July 26.
IRS Seeks Machine Learning Tools and Cloud-Based Big Data
The IRS is seeking information on a wide range of technologies as part of the proposed platform, according to the RFI. Those include artificial intelligence, machine learning, cognitive computing, and data analytics techniques and algorithms.
Additionally, the agency is seeking information on capabilities that can be applied in cybersecurity areas at the IRS, such as threat intelligence, insider threat, cyber operations and processing, exploitation and dissemination, and Big Data analytics.
In terms of machine-learning analytics, the IRS is seeking information on a platform that applies multiple diverse modes of behavioral ML analytics, which can be unsupervised, semi-supervised or supervised, to guard against insider threats. The platform should also support “streaming data sources to provide near real-time assessment” and be able to use “near real-time data sources to provide analytic views of correlated activities for near real-time monitoring of cyber threats across government networks.”
The machine-learning tools must also be able to “process, analyze, and identify threats in highly diverse sets of IT data sources” and with operational technology data sources such as Internet of Things devices and industrial control systems. Further, the tools should be able to “identify unknown threats using unsupervised analytic techniques and behavioral-based analytics, along with known threats using external threat intelligence.”
For its cloud-based Big Data platform, the IRS is seeking a Software as a Service system that can be deployed and meet the high baseline requirements of the Federal Risk and Authorization Management Program. The platform must be able to support “forensic search of aggregate archive data;” centrally collect, aggregate and store security log files; and be “fully elastic to accommodate data expansion.”