The Federal Board of Revenue’s (FBR) Information Technology Wing (IT-Wing) will be examined by a security firm, which will undertake a security audit of data centres, as recommended by the Federal Tax Ombudsman (FTO) Dr Asif Mahmood Jah.
This was determined following an investigation by the FTO, which discovered systemic flaws in the security of taxpayers’ confidential/classified data and directed the FBR to develop security policies/infrastructure and implement international standards to protect the FBR website from future cyber attacks.
According to reports, the FTO discovered in a groundbreaking investigation that the FBR Web portal’s confidential/classified material was hacked because the PRAL failed to properly fulfil its obligations.
According to details, tax lawyer Waheed Shahzad Butt filed a public interest complaint against FBR/PRAL key position holders. After a thorough investigation, FTO Dr Asif Jah concluded that FBR/PRAL is not using any software to manage its network security policies, and that FBR has filed a false/wrong statement regarding the period of system disruption, which is also contrary to the Finance Minister’s stance, and is using expired certification.
According to the FTO decision, the abovementioned analysis plainly demonstrates maladministration resulting from FBR and PRAL employees’ indifference, inattention, delay, incompetence, and ineptitude in the administration and fulfilment of assigned tasks and obligations. PRAL’s data centre lacks an Intrusion Prevention/Intrusion Detection system, a serious defect that jeopardises the database’s security. The PRAL data centre does not meet any credible international standards, and its accreditation expires in December 2020.
When reached, Waheed Shahzad Butt warned this reporter that cyber attacks against the FBR/main PRAL’s data websites, data, and data centres represent a threat to the state’s security capabilities.
FBR has submitted a compliance report to the FTO, which stated that “PRAL has reinforced ‘ISMS’ policies and procedures in lieu of the ISO 27001 framework. However, they are awaiting security infrastructure, for which procurement has already been initiated.
The process of procurement of security infrastructure is already under way, which also consists of SIEM. Once the procurement is completed, PRAL will deploy SIEM at the data centres with enhanced security features. The FBR (IT Wing) has recently awarded a three-year contract to a reputable security firm to conduct a security audit of data centres. After the completion of the audit, FBR Data Centres will be ISO-27001 certified”.