- The FBR has been ordered to explain the hacking of FBR systems.
- Audit found that PRAL was unable to maintain an appropriate and efficient system.
- 990.00 million was spent on services provided by PRAL for the fiscal year/
The Federal Board of Revenue (FBR) has been ordered to provide an explanation for the hacking of the FBR systems, the extensive failure of the data center and E-Portal, and the development of the IT security system upgrade.
The contract signed between FBR and Pakistan Revenue Automation Limited (PRAL) provides for “data security,” according to AGP’s report on the attack of the FBR website. The PRAL will not divulge the information of FBR to any other department, organisation, or tax professional. Additional system security and access control policies and practises that apply to services must be established in accordance with generally accepted data governance principles. In the case of a firewall breach or other actual or potential data security compromise at FBR, PRAL will work closely with FBR to safeguard the data. All listed applications must maintain current firewall and security certifications. The security certification that PRAL obtained for the applications of FBR may not be applied to any other commercial project.
The FBR’s E-portal had experienced a massive breakdown throughout Pakistan due to the hacking of all applications, including the Inland Revenue Information System (IRIS), Integrated Tax Management System (ITMS), Weboc, and One Customs, according to the Chief Executive Officer PRAL Islamabad’s accounts audit for the Financial Year 2020–21.
It is important to note that, in addition to the equipment and assets provided by FBR, Rs. 990.00 million was spent on services provided by PRAL for the fiscal year ending on June 30, 2021.
In addition to the aforementioned, the audit found that PRAL was unable to maintain an appropriate and efficient system in spite of the reasonable finances granted by FBR. It was agreed that firewall and security certification for FBR apps must always be kept up to date in accordance with the data security contract established between FBR and PRAL. PRAL stated that the data center has sufficient firewalls, preventing data theft by hackers. However, there were ongoing system upgrades and improvements.
The AGP highlighted that, upon notification to the AGP, the fact-finding report prepared by the committee describing the significant breakdown of the data center and the FBR e-Portal, duly certified by Member IT, may be provided to audit along with the status of the system’s upgrade.