Government

Census 2020 faces a long list of cybersecurity challenges

The U.S. Census Bureau is in the midst of large-scale technological changes as they prepare for the 2020 count. Now the massive cybersecurity challenge they face are coming into focus.

By Patrick Howell O'Neill

November 17, 2016

The Census Bureau is in the process of leveraging the Internet for its 2020 population count. If that sounds like a futuristic and efficient dream, here’s the nightmarish flipside: Cybersecurity.

Charged with conducting one of the most expansive and impactful collections of personal data on the planet, the technology and security challenges faced by the Census Bureau are big enough, according to a new Government Accountability Office report, that there is “uncertainty” about whether or not the bureau will be ready for the necessary 2018 tests that precede the official count itself. More than half of the 50 new applications and systems to be included in the test either have no delivery date or are set to be finished after the test begins.

In the midst of large-scale technological changes as they prepare for the 2020 count, the Census Bureau shift first made headlines with officials touting cost-savings, effectiveness and inclusiveness as benefits of a move online. Cybersecurity is now a much bigger part of the conversation.

As the census moves online, planners expect a massive wave of phishing attacks against U.S. residents as well as Census Bureau contractors and employees. One facet of the plan to fight phishing is to hire an as-yet-undetermined private company to monitor fraudsters pretending to run official Census Bureau websites. The bureau is also conducting ongoing phishing tests against employees.

The Census Bureau will acquire over 400,000 mobile devices and services for the 2020 count. Enumerators—the counters themselves—won’t be using their own personal devices for the count, a decision made largely for the benefit of information security.

A long list of challenges remain open. The kind of devices the Census Bureau will acquire remains to be seen, the platform the enumerators will use is still in development, key technology positions at the bureau still have to be filled, incident response plans have to be carefully constructed and a massive amount of security training for permanent and hundreds of thousands of temporary employees has to be planned and executed.

Kevin Smith, the Census Bureau’s Chief Information Officer, testified that although “we still have a lot of work ahead of us,” he saw “the foundation to carry out a successful census in place.”

The bureau is working with the Department of Homeland Security, the National Security Agency, the Department of Commerce and private industry for cybersecurity assistance in the lead up to the 2020 count.

“I am very confident in our ability to protect the information and information systems through our current policies and processes,” Smith said. “We will continue to enhance those policies and processes as we implement new tools and technologies to address the evolving threat environment.”