Census Bureau Seeks Industry Input on Cybersecurity Acquisitions Strategy for Next Decade

With government watchdogs eyeing its operations, the U.S. Census Bureau issued a request for information as it decides on acquisitions it might make to improve cybersecurity in a number of areas. 

The centuries-old decennial census is being conducted digitally for the first time this year, a herculean effort that is projected to cost $15.6 billion and opened the count to new cybersecurity vulnerabilities.  

“The purpose of this request for information is to provide information to the United States Census Bureau to help determine an acquisition strategy for cybersecurity for the coming decade,” reads the document posted to betaSAM.gov Wednesday. “The USCB believes industry holds the most current and best practices in these areas impacted by cybersecurity and seeks recommendations on how to best acquire the needed industry knowledge and expertise and achieve benefits in accordance with federal requirements.”

The Census Bureau’s cybersecurity posture has received some stern criticism from the Government Accountability Office in the years leading up to the current count. And the RFI is looking for input to address some of the very weaknesses GAO flags.

“There’s a lot more work left to do and we believe that bureau management needs to continue its focus on overcoming key cybersecurity challenges we’ve previously reported on,” GAO’s Director of Information Technology and Cybersecurity Nick Marinos told Nextgov, “including addressing cybersecurity weaknesses within prescribed time frames, combating social media disinformation, and protecting the privacy of respondent data.”        

On timing and visibility issues, for example, the USCB is seeking information on vendors’ ability to provide professional monitoring services for all its technology and information assets “on a 24/7/365 basis,” and how it might also leverage emerging technology.

“Through the use of next generation artificial intelligence and machine learning, the goal is to establish near real-time situational awareness of high value technology and information assets,” the RFI states. “This approach reduces dependencies on point in time assessments while increasing continuous monitoring capabilities.” 

The Census Bureau’s acquisition decisions on cybersecurity, in general, have received significant scrutiny. A December 2019 Reuters report points out the bureau ended up paying much more to contract out services that may have been better accomplished in-house.  

The deadline for responding to the Census Bureau’s RFI is July 15. The deadline for questions is June 5. 

In the meantime, GAO will be preparing its next report, and will continue to examine the bureau’s cyber strategies, including its acquisitions decisions. 

“We continue to monitor the bureau’s efforts in these areas and will be reporting out again soon on their status in the next few months,” Marinos said.