GAO Says Cybersecurity is Top Concern for 2020 Census

As the government continues to chip away at a backlog of postponed preparations for the 2020 Census, the head of a top federal watchdog group said Tuesday that cybersecurity remains his biggest concern in the upcoming count of U.S. residents.

Rising costs and constrained budgets have delayed the Census Bureau’s plans for implementing many of the IT systems it needs for trial runs leading up to the 2020 count. The Government Accountability Office reported only four of the 43 IT systems needed for the bureau’s 2018 end-to-end test had been fully developed and tested as of August.

“The main casualty of [these delays] will be reduced testing for security,” Comptroller General Gene Dodaro, who heads the GAO, told a Senate panel. Considering that 75 percent of IT systems in question will contain sensitive information on respondents, inadequate testing could potentially put people’s data at risk, he said.

The 2020 census will also mark the first time respondents can submit forms online. While officials hope this added convenience will induce more people to respond, Dodaro said he’s worried about the risk of people exploiting loopholes on the response site to skew the count.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Commerce Secretary Wilbur Ross also testified before the Senate Homeland Security and Governmental Affairs Committee, reiterating the need for $4.3 billion in additional funding for the census and assuring lawmakers his agency was taking every step to bolster the security of its IT systems.

External cybersecurity experts found no weaknesses in the bureau’s public-facing systems in 2017, Ross said, and another penetration test has been scheduled for the online self-response site next year. He hopes this next test by the Homeland Security Department “will ensure that our security architecture is sound.”

Ross also said the bureau is working with the intelligence community and other federal agencies to secure their systems and has put 39 different cybersecurity tools in place with the help of contractors. Of these tools, 24 are considered upgrades from the security procedures that were in place for the 2010 Census.

“People are very worried about personal security,” Ross said. “We recognize that’s a very serious problem and we’re doing our best, a) to deal with it, and b) publicize that we’ve dealt with it.”

Earlier this year, GAO designated the 2020 census as a “high-risk” project, and Dodaro confirmed that it’s still considered one of the watchdog’s biggest concerns.

Over the last decade, GAO has made 84 recommendations to the bureau regarding IT development, cost estimation and other factors in the 2020 census. Thus far, 48 recommendations have been closed, seven are currently being addressed, and the remaining 29 have action plans that are being reviewed by GAO, Ross said.