Census teams up with DHS, intel community to address 2020 cyber threats

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

Two years out from the start of the first internet-driven population count, the Census Bureau is ramping up its cybersecurity focus, and has awarded the last of its major IT contracts.

Albert Fontenot, Jr., the associate director of decennial census programs, announced the award of the Census Bureau’s field IT contract Friday at the agency’s quarterly program management review.

Advertisement

On Aug. 1, Unisys won the three-year, $102 million contract, and will provide the IT infrastructure to nearly 250 field offices during the 2020 count.

Unisys will also handle the troubleshooting, replacing, repairing, installing, configuring, patching and decommissioning of IT equipment for the decennial count.

Kevin Smith, the Census Bureau’s chief information officer, gave an in-depth look at how the agency plans to defend against internal and external cyber threats.

While Census expects to handle 95 percent of its cybersecurity concerns through commercially available industry solutions, Smith said the agency is working with the Department of Homeland Security and members of the intelligence community to guard against new threats.

“Once somebody’s already done it, industry knows about it, puts it into their product sets. We’re then covered and protected from the known things people do. Not many things happen or have a problem from protecting yourself against the known things. It’s really that 5 percent of the cyberspace that’s unknown,” Smith said. “This is where the federal intelligence community comes in, where they can proactively let us know what things are happening within their realm of tools and resources that typical industry does not know.”

This year, DHS has conducted penetration testing on the Census website, the iPhones enumerators will use when they go door-to-door to follow up with households, as well as the agency’s trove of address canvassing data.

Smith said private-sector industry leaders have also conducted their own penetration tests on the website households will use to respond to the 2020 census.

In addition, Census has worked with agencies in the intelligence community to monitor platforms, including social media sites, for signs of an imminent cyber threat.

“Sometimes being ahead of the game is the best attack and approach. The more that we can know about this unknown area of threats — the things that we may not see initially, but someone has their eyes on it — the better off we’ll be,” Smith said.

Last month, a group of former cybersecurity officials from the White House, DHS, FBI, the National Security Agency, the Office of the Director of National Intelligence, and the State and Justice Departments, wrote a letter to Census expressing their concerns with the state of the agency’s cybersecurity ahead of the 2020 count.

“While the bureau has released a considerable array of materials regarding the 2020 Census and even aspects of its electronic component, to the best of our knowledge none specifies how the Bureau is implementing even the most basic cybersecurity practices,” they wrote.

During the 2020 count, enumerators will use iPhones when they go door-to-door to collect data from households that have yet to respond to the population count. Smith explained that those devices will hold a minimal amount of data.

“Once the enumerator collects the data on the device and hits ‘submit,’ the data is off the device. It is gone, it is removed, it is locked away in a vault inside of the Census [Bureau]. So the exposure of data on this phone is minimal, because there’s not going to be a lot of data on this phone. It’s going to remove itself as soon as it’s connected to the network,” he said.

However, Smith acknowledged that the agency faces a considerable external threat that’s largely out of the agency’s control.

“I, as the Census CIO, am not able to protect your personal device. What I am able to do is make sure once you get to us and our website, that that is protected,” he said.

However, he added that DHS scans all of Census’ publicly accessible systems.

“We have transparency and accountability outside of just the Census looking for this,” Smith said.

In addition, Smith said the agency has taken steps to address insider threats.

“We are continuously going through and educating our employees with a battery of things,” such as phishing emails, he said. “Everyone in the Census — contracting, as well as employees — knows the value of our data, and knows that their responsibilities exist for stewardship.”

Fontenot said the Census Bureau was unable to meet its hiring goal for the 2018 field test in Providence County, Rhode Island. While Census sought to hire more than 1,000 enumerators to knock on doors during the test, which began in April, the agency only recruited 735 enumerators for the job.

“This clearly underscored an important need in 2020, and that’s a strong recruiting campaign as a part of our media efforts and the full engagement of our partnership staff and our partners in our communities to help recruit more field workers,” Fontenot said.

Because of the difficulty in hiring enumerators, Fontenot said the Census Bureau has increased its partnership staff to 1,500 specialists — 500 more than previously expected.