The Commerce Department’s internal watchdog will take a look at the Census Bureau’s efforts to keep the 2020 census secure, the inspector general said in a letter Thursday.
The announcement follows a trail of security concerns about Census Bureau systems for next year’s count from the Government Accountability Office and members of Congress. Next year’s census will allow an online response option for most of the country for the first time, along with traditional mail and phone response.
“Our audit objective is to determine the effectiveness of security measures for select IT systems that support the 2020 Census,” the letter to Census Bureau Director Steven Dillingham said.
A previous IG report found security problems in the Census Bureau’s 2018 field test, showing that a contractor did not fully secure a server system. Thursday’s announced review appears to be broader, with the letter stating that it would work with the United States Digital Services to conduct the audit.
A representative for the Census Bureau did not immediately respond to a request for comment Friday.
Both Democrats and Republicans raised security concerns during July hearings held by the Senate Homeland Security and Governmental Affairs Committee and the House Oversight and Reform Committee.
Sen. Jacky Rosen pressed Dillingham to account for more than 100 potential fixes to census systems that had not been conducted, pointing out that the census will operate on a tight schedule.
“There is a very specific begin and end date here. It is not an ongoing, rolling thing that we always have when we are maintaining software systems,” Rosen said.
Dillingham pointed out that the census has taken action on more than 100,000 identified risks to its systems, and has taken steps to beef up its information technology staff.
“We are making progress, we want to make more progress and do it faster,” he said.
Illinois Democratic Rep. Robin Kelly pushed Dillingham at the House hearing about the IG report on the 2018 field test in Rhode Island. That report found the Census Bureau rushed the implementation of its information technology systems and a contractor left one system vulnerable. There was no evidence of a breach, the report said.
“Corrective actions have already been taken, and more will be put in place before the 2020 census,” Dillingham said.
Republicans on the House panel questioned the security of government contractors, as well as the Census Bureau’s handling of its list of risks. Georgia Rep. Jody B. Hice said the accretion of risks on the bureau’s plate “does not sound like you are on top of the ball here.”
The GAO has raised concerns about the untested new systems and inaction on potential cybersecurity fixes after they had been identified. Nick Marinos, a director in GAO’s IT and cybersecurity team, told members of the House panel in July that the “bureau has more work to do in terms of assessments, but more importantly [to] take those assessments and turn them into corrective action.”
