Following the ongoing investigation by the Federal Tax Ombudsman (FTO), it was decided that the Federal Board of Revenue’s (FBR) Information Technology Wing (IT Wing) will be audited, according to a media report.
It was learnt during the investigation that confidential and classified data of the FBR web portal had been hacked. The FTO, in its recommendation, has directed the FBR to develop security policies and implement international standards for protection against cyber attacks on the FBR website. Any kind of cyber attack on the FBR website and data center poses a threat and calls the security of the state into question.
Moreover, it was learnt that Pakistan Revenue Automation Ltd (PRAL), which is a fully owned subsidiary of FBR, has no software installed for its network security. In addition, a public interest complaint has been filed against FBR and PRAL management.
The FTO said that FBR and PRAL’s management have shown neglect and incompetence in their work towards data security, and that they have been reluctant in discharging their duties and responsibilities.
The PRAL data center does not have any International Standard certification. Its last certification has been expired since December 2020. The data center has a systematic flaw and is not equipped with any intrusion detection system.
In its compliance report submitted to the FTO, FBR stated that PRAL has reinforced ‘ISMS’ policies and procedures in lieu of the ISO 27001 framework. However, FBR has started procurement procedures for security infrastructure which will be installed.
To enhance the security features at FBR, the new security infrastructure consists of SIEM. PRAL expects to deploy SIEM at the data centers once procurement is completed.
In addition, FBR plans for its data centers to be ISO-27001 certified. This will be possible after a security audit of its data center, for which FBR has already awarded a three-year contract to a security firm.