The Census Bureau, after coming under scrutiny last year that it was not doing enough or being transparent enough about its cybersecurity efforts ahead of the 2020 decennial census, has disclosed it will conduct a red team analysis of its systems.
Atri Kalluri, the chief of the decennial IT division, said last month at the regular Census Program Management Review meeting that that the agency recently completed “red team” testing. A red team is an inside group that explicitly challenges an organization’s strategy or ideas and looks at them from the point of view of an adversary to find weaknesses and avoid mistakes.
During the exercise, internal staff members played malicious actors and added fraudulent responses in a copy of 2018 field test data, according to Federal News Network.
The goal was to test the accuracy of the Census Bureau’s self-response quality assurance system, which is designed to spot suspicious incoming data, according to the publication.
How Census Plans to Bolster IT Security
Meanwhile, the Department of Homeland Security will work with the intelligence community and private-sector vendors to launch census-specific threat support “similar to what was provided during the recent elections,” Kalluri said at the meeting.
DHS will perform penetration tests for the bureau and will “go further with a red team assessment to evaluate the collective security of the people, processes and technologies of 2020 systems,” Kalluri said. The agency expects to provide an analysis of the results later this month, according to Federal News Network.
The stepped-up efforts come amid scrutiny of the census. Last summer, 11 former U.S. cybersecurity officials sent a letter to the Commerce Department expressing their concerns about the Census Bureau’s cybersecurity preparations for the count.
The letter was signed by several luminaries from the federal cybersecurity world, including J. Michael Daniel, former cybersecurity for the National Security Council; Matthew Olsen, former director of the National Counterterrorism Center; and Christopher Painter, former coordinator for cyber issues at the State Department.
They wanted more information on whether two-factor authentication will be required for all access to census data, whether such information will always be encrypted while in transit and also while at rest, and how the bureau will use widely accepted cybersecurity measures in general.
Ron Jarmin, the Census Bureau’s deputy director, warned in late January of the threat of a disinformation campaign amid the 2020 count, according to Federal News Network. Steven Dillingham, the agency’s new director, told staff he intends to carry out the nation’s population count with “the most professionalism and integrity possible.”
When it reaches its peak of operations, the Census Bureau expects to have hired more than 1,500 specialists working out of six regional hubs.
“We are engaged in efforts to ensure that this will be a greatly enlarged workforce that will be ready, willing and able to accomplish the mission of the 2020 census — to count everyone once, only once and in the right place,” Dillingham said, according to Federal News Network.