SPONSORED:

Lawmakers grill Census Bureau officials after report on cybersecurity issues

Lawmakers grill Census Bureau officials after report on cybersecurity issues
© iStock

Lawmakers grilled top Census Bureau officials on Wednesday about the cybersecurity of the 2020 census, which kicks off nationwide next month and marks the first time that Americans will be able to fill out the form online.

Officials are facing new urgency over the issue after the Government Accountability Office (GAO) released a report earlier Wednesday highlighting cybersecurity concerns and following the breakdown of the app used by the Iowa Democratic Party to count votes in the state's caucuses last week.

Those issues were front and center during a House Oversight and Reform Committee hearing on Wednesday that featured testimony from Census Bureau Director Steven Dillingham and GAO officials.

ADVERTISEMENT

According to the GAO report, the bureau faces “significant cybersecurity challenges in securing its systems and data.” The report said the Census Bureau, one month before the online launch, still has to fix identified cyber vulnerabilities, implement Department of Homeland Security recommendations and ensure that collected information is safe from data breaches. 

Nick Marinos, the director of IT and cybersecurity at GAO, told lawmakers the bureau still has work to do before the census goes live.

“The technology innovations that the bureau intends to rely on for the 2020 census create opportunities for efficiency and effectiveness of the count,” Marinos said. “However, they also bring with them significant cybersecurity and IT risks. Ultimately the success of operations in the upcoming months will be directly tied to how the Bureau continues to manage these risks.”

The clock is ticking. The census will be available to fill out online beginning in mid-March, while the bureau plans to send out census forms to most U.S. households by April 1. The 2020 census formally kicked off in January, when officials from the bureau visited a remote town in Alaska to personally collect census information, which includes ages, dates of birth, and addresses. 

Those cyber challenges were highlighted in Australia in 2016 when the country's online census website crashed after multiple foreign “denial of service” cyberattacks. The Australian Bureau of Statistics was forced to take down the website temporarily in order to secure the data.

ADVERTISEMENT

Ahead of the hearing Wednesday, Dillingham and Census Bureau Deputy Director Ron Jarmin detailed in a blog post the steps the agency has taken to protect the census, including the creation of “secure data collection systems” and having security experts available to assist “24/7.”

Dillingham said Wednesday that the Census Bureau has adequately prepared for potential cyber issues and had prepared enough paper forms for every person in the country to complete the census if the online option fails.

“All 2020 census IT systems have been successfully tested or deployed and are on track,” Dillingham said, adding that “we have a high degree of confidence.”

But lawmakers were skeptical of those claims, citing the GAO report and the debacle in Iowa.

“Cybersecurity is going to have to be a top priority for you all,” Rep. John SarbanesJohn Peter Spyros SarbanesBottom line Congress must finish work on popular conservation bill before time runs out Congress must enact a plan to keep government workers safe MORE (D-Md.) said during the hearing. “If ever there was a juicy target for those who want to hack in and sow discord and all the rest of it, it would be our 10-year census where we are putting it online like never before.” 

Committee Chairwoman Carolyn MaloneyCarolyn Bosher MaloneyHouse Democrats subpoena private prison operator in forced hysterectomy case Overnight Health Care: Biden team to begin getting COVID briefings | Fauci says he would 'absolutely' serve on Biden's COVID task force | Major glove factories close after thousands test positive for COVID-19 House Oversight panel asks Purdue Pharma's Sackler family to testify over opioid crisis MORE (D-N.Y.) highlighted both cybersecurity concerns and challenges in recruiting enough census workers, which she warned could “cause grave harm to this year’s census and could jeopardize a complete and accurate count.”

Rep. Mark MeadowsMark Randall MeadowsThe Hill's 12:30 Report: Trump holds his last turkey pardon ceremony Overnight Defense: Pentagon set for tighter virus restrictions as top officials tests positive | Military sees 11th COVID-19 death | House Democrats back Senate language on Confederate base names Trump administration revives talk of action on birthright citizenship MORE (R-N.C.), who sits on the committee, told The Hill he had been concerned about the cybersecurity of the census “for years.” He said the census website was more “complex” than the app used in Iowa and therefore has “a lot more chances for cyber intrusions.”

Those concerns are shared across the Capitol.

“I think the idea that we ought to be using 21st century tools to make sure we get the most people counted makes a lot of sense, but I want to really look into specific cybersecurity concerns,” Sen. Mark WarnerMark Robert WarnerHarris shares Thanksgiving recipe: 'During difficult times I have always turned to cooking' Biden leans on foreign policy establishment to build team Trump relents as GSA informs Biden transition to begin MORE (Va.), the top Democrat on the Senate Intelligence Committee, said.

The GAO report released Wednesday was the second in under a year by the agency regarding the census. A report released last year also raised concerns about the security of the online count. 

When the last report was released, the bureau had 330 cyber “corrective actions” that had not been addressed, but in the most recent report, GAO said the bureau had not addressed 28 of its overall recommendations for improving the 2020 census.

Dillingham said the bureau was constantly performing risk management tasks assessments that brought up more issues. 

“The Census Bureau engages in a very sophisticated risk management process,” Dillingham said. “The whole concept of risk management is to always be looking for a risk. ... We will never, in my opinion, not have a risk list. We will always have risk.”

Despite the assurances by Dillingham, Maloney said the committee would continue to conduct oversight hearings of the Census Bureau as the year progressed. 

“The GAO report shows that there are simply too many gaps, red flags that are out there in the hiring, in the partnerships, in technology testing and in cybersecurity,” Maloney said. “We have to respond to these red flags that are thrown up by GAO, and if these gaps are not filled, it is our most vulnerable citizens who will suffer.”