New cybersecurity concerns over census
Lawmakers are raising concerns that the upcoming 2020 census, which people are expected to fill out primarily online for the first time, is opening the door to potential cyber vulnerabilities.
These vulnerabilities were in the spotlight on Capitol Hill on Tuesday as the Senate Homeland Security and Governmental Affairs Committee held a hearing to examine the security of the census, which residents will be able to complete online, over the phone or on paper.
The hearing featured testimony from top officials from the Government Accountability Office (GAO), which has added the Census Bureau to its list of “high risk programs” due to cybersecurity and information technology shortfalls.
“Although the Bureau has taken initial steps to address risk, additional actions are needed as these risks could adversely impact the cost, quality, schedule, and security of the enumeration,” Nick Marinos, the director of Information Technology and Cybersecurity at GAO, and Robert Goldenkoff, the director of Strategic Issues at GAO, said in their written testimony.
Concerns center around the security of personal data involved in the census, and around securing systems against threats from foreign nations. The anxiety echoes some of the worry surrounding cyberattacks from foreign actors during the upcoming presidential election.
Specifically, GAO identified more than 330 “corrective actions” in regard to securing the census against cyber incidents as of May, with the Census Bureau telling the GAO that 104 of these actions are “delayed” for reasons unrelated to technical issues or resources.
When questioned by committee Chairman Ron Johnson (R-Wis.) as to the overall readiness of the Census Bureau for the 2020 census, Goldenkoff said that “if the Census Bureau gets the response rate, and that there is no cybersecurity incident or IT shortfall, I think the Census Bureau will be positioned for a cost-effective headcount. I don’t think we’re looking at disaster, but I think there is a lot of work needed going forward.”
But Census Bureau Director Steven Dillingham, another witness, insisted that the agency is prepared to secure the personal data involved in the census.
“Our cybersecurity program is designed to adapt and respond to a changing threat landscape,” Dillingham said.
Dillingham acknowledged that while the Bureau has a “continuity of operations” plan in the event of a cyberattack impacting computer systems, it is still working on a plan for what to do in the event of a “catastrophic” cyberattack that takes down broad swaths of the system.