A recent hack exposing millions of people's background check information could undermine the Commerce Department's ability to collect data for the 2020 census, an official said this week.
The department is "concerned" about the census because the Office of Personnel Management hack diminished public trust in the federal government's ability to protect sensitive data, Rod Turk, Commerce's chief information security officer, said during a panel in Washington.
Citizens may ask, "if the federal government cannot keep my data from a security clearance, why should I tell you my census data?" Turk said.
"Public trust is significant in this regard," he added. "We're well aware of it."
The department is "laser focused" on three main cybersecurity priorities for the upcoming year, according to Turk:
- Using the Continuous Diagnostic and Mitigation program, designed to identify cyber risks;
- Blocking phishing campaigns that use seemingly legitimate email communication to extract sensitive information such as passwords from recipients; and
- Advancing its Personal Identity Verification cards system that employees would use to gain access to certain assets.
Despite discussion about "whether or not training and using anti-phishing exercises have any efficacy," Turk said, "the fact of the matter is that most incursions into our environments come from phishing expeditions."
He added that the department is trying to to develop a "cybersecurity culture" throughout the organization, meaning "everybody in the department" is trained on, and takes responsibility for, cyber hygiene.