Sensitive taxpayer data at stake: FTO asks PRAL to upgrade security repositories


ISLAMABAD: Federal Tax Ombudsman (FTO) Dr Asif Mahmood Jah discovered systematic loopholes in the security of confidential / classified taxpayer data and asked Pakistan Revenue Automation Limited (PRAL) to develop security policies / infrastructure and to implement international standards for protection against cyber attacks on the Federal Board of Revenue (FBR) website.

The Federal Tax Ombudsman (FTO), in a landmark investigation, found that due to incompetence in performing duties by FBR & PRAL, confidential / classified data from the FBR web portal was hacked.

According to the details, tax attorney Waheed Shahzad Butt filed a public interest complaint against key FBR / PRAL position holders. After further investigation, FTO Dr Jah concluded that FBR / PRAL does not use any software to manage its network security policies, that FBR filed a false statement regarding the period of system disruption, which is also contrary to the position of the Minister of Finance, and that it uses an expired certification.

The FTO Ordinance states: “The above analysis clearly reflects maladministration resulting from the negligence, inattention, delay and incompetence of officials of FBR & PRAL, in the administration and performance of assigned tasks and responsibilities. The PRAL data center is not equipped with any Intrusion Prevention / Intrusion Detection system, a systematic hardware flaw exposing the security of its database. The PRAL data center does not meet some credible international standards and its certification also expired in December 2020.”


When contacted, Waheed Shahzad Butt told this correspondent that cyber attacks on FBR / PRAL’s key data websites, data and data centers pose a threat that can undermine the security capabilities of an organization or state (Pakistan). This can cause significant economic damage, including to crucial ongoing CPEC activities. The brains of this nefarious initiative and all team members, including officials working in FBR / PRAL, must be removed from Pakistani government services and criminal cases must be registered against each of them for not having ensured the security of the confidential / classified data of Pakistani taxpayers, only because of their extreme inefficiency, negligence and corrupt practices of not buying computer software and using pirated versions.

Waheed further added that the hack took place at a time when the Cabinet division had also moved its activities online. The same episode has already been unmasked by the FTO in C. No. 507/2013 [2014 PTD 1353 = 109 Tax 1]. Failures in the fight against cyber threats can lead to a national crisis, as it is an integral part of Pakistan’s defense.

The FTO has asked the FBR to conduct a full vulnerability assessment of its system in order to avoid such an incident in the future and to adopt solutions designed with security as a top priority, like Cloud Car, which offers protection against widespread system failures and slow operations. PRAL is responsible for developing security policies and security infrastructure using effective security tools such as intrusion prevention and intrusion detection systems, both network and host based.

Deploy a complete security information and event management (SIEM) solution in its data center. Implement credible international standards (like Uptime Institute Levels II, III and IV) as protection against such a threat in the future, the FTO order added.

Copyright Business Recorder, 2021

