Government Accountability Office (GAO) Director of IT and Cybersecurity Nick Marinos emphasized concerns about the Census Bureau’s IT readiness and cybersecurity ahead of the 2020 census, at a House Appropriations Commerce, Justice, Science, and Related Agencies Subcommittee oversight hearing today.
Census Bureau Director Steven Dillingham opened the hearing by telling subcommittee members that the new technological capabilities the bureau is adopting and looking to implement for the census – including a new option to fill out census forms online – will pave the way to an accurate census count. He added that the 2018 end-to-end test of the census system the bureau will use in 2020 yielded positive results.
“The results, including self-response rates, exceeded projections,” Dillingham said of the test. “The systems worked efficiently, enumerator productivity rose about 50 percent, respondent information was securely encrypted and processed.”
Marinos, however, said that IT systems readiness and cybersecurity are still significant problems the bureau must tackle before conducting next year’s census.
He said the bureau will rely heavily on IT when it conducts the upcoming census, and it will deploy many of the systems multiple times in order to add needed functionality over the course of 16 operational deliveries the bureau has planned. But given the high stakes involved in the census process, Marinos said the bureau has not developed its systems to be fully operational, despite early efforts to hire and train personnel and to test the systems.
“The bureau is at risk of not meeting near-term system development and testing schedule milestones for two upcoming operational deliveries,” Marinos said. “These include deliveries that support … canvasing, which is intended to verify the location of housing units across the country, and internet self-response.”
Marinos also discussed lingering cybersecurity concerns. He said the bureau established a risk management framework for the census, and has worked with the Department of Homeland Security (DHS) to coordinate cybersecurity efforts. But he also pointed out that DHS made 17 recommendations to the bureau to improve its cybersecurity, and Marinos said it’s time for the bureau to act upon them.
“These internal and external assessment activities and their findings are critical, especially since the majority of the bureau’s systems that will support 2020 operations contain personally identifiable information,” Marinos said.
Marinos underscored two recommendations, which were also featured in a GAO report released today, for the bureau to consider as it works to bolster its IT systems and security.
First, the bureau should address its security “to-do list” in a more timely manner, Marinos said, since taking action to tackle cyber security vulnerabilities within specific timeframes can help reduce risk. Second, the Bureau should improve its process to track and complete corrective plans in response to DHS’s recommendations.
“We’re running short on time before key census operations begin,” Marinos said. “Moving forward, it will be vital for the Bureau to devote enough time and effort to complete IT system development activities and address identified security weaknesses in a timely and prioritized way.”
Although representatives mostly focused on issues of having a citizenship question on the census, methods of effectively reaching individuals, and cost estimation processes, when they asked Dillingham about IT and cybersecurity, he maintained that the Bureau had the proper budget, testing, and procedures in place to properly conduct the census.