The US Department of the Treasury, Internal Revenue Service has a requirement for the Cybersecurity Fraud Analytics and Monitoring project.

The Internal Revenue Service (IRS), Information Technology (IT) Cybersecurity organization implemented critical Fraud Analytics and Monitoring capabilities to mitigate serious risks to the IRS. Taxpayer and Tax professional interactions with IRS online applications continue to grow significantly each year, and the IRS continues to expand its portfolio of digital services to its customers. Along with this continued growth, fraudsters continuously probe and develop new schemes to use stolen identity information to access taxpayer Personally Identifiable Information (PII) and file fraudulent tax returns. Recent trends in cyber-related fraud and the misuse of government systems have presented an increasing threat to taxpayer information safeguarded by IRS systems, applications, and databases. The IRS requires continued investment in technology and human capital to process the ever-growing transaction volumes and mitigate the evolving fraud risks.

• The IRS has implemented significant enhancements to its Cybersecurity Fraud Analytics and Monitoring (CFAM) program. This contract shall continue those programmatic successes and ensure the protection of the IRS’s online applications, taxpayers’ data, and tax revenue.
• As the IRS continues to develop and enhance the capabilities of the Cybersecurity Fraud Analytics and Monitoring Team, it is imperative that this capability is provided by leveraging this contract and delivery of the tasks identified below. Specifically, the Fraud Analytics support is expected to ensure that the IRS has a team of forensic analysts and data scientists that are organized, trained, and equipped to do the following:
  • Maintain and continuously improve the near-real-time monitoring posture to detect and treat evolving cyber threats
  • Quick responses, near immediate acknowledgment and initial observations are expected to be reported within one week, to tips, incidents, and suspicious activities
  • Such responses include identification of the threats’ nature, root-cause analysis, and recommendation for immediate action and future mitigation
  • Conduct complex analytics on large transactional data sets to identify anomalous patterns in users’ activity and build and refine predictive models to classify anomalous transactions
  • Conduct deep forensics analysis of incidents and anomalies with log data to identify new use case patterns of behavior and potential attack vectors as input into the predictive analytics, as well as deep analysis of potential anomalous activity isolated by the predictive analysis
  • Review and support the data architecture and data elements design, improvement, analysis, and extract-transform-load (ETL) operation of the entire SADI/CSPs/Applications ecosystem