Oversight

GAO finds Census Bureau vulnerable to cyberattack

cyber attack button

A litany of IT shortcomings will put the Census Bureau at the mercy of hackers and other nefarious activity until the agency implements a comprehensive information security program, according to the Government Accountability Office.

A report released Feb. 20 concluded that although the Census Bureau has taken steps to protect the information and systems that support its mission, it has not effectively adopted appropriate information security controls to protect those systems.

Security controls are used to regulate who or what can access the bureau’s systems. Census officials, for example, did not adequately control connectivity to key network devices and servers or identify and authenticate users. They also failed to limit user access rights and permissions, encrypt data, monitor systems and network or ensure appropriate physical security controls were adopted.

The main reason for these flaws is the agency’s lack of a sweeping information security program to ensure controls are effectively established and maintained. The Federal Information Security Management Act requires all agencies to create and adopt an information security program.

The agency also failed to keep certain security management program policies current and had not revised its IT security program and policies since April 2010. Intra-agency guidelines require Census to update its policies at least once a year.

"Until the bureau implements a complete and comprehensive security program, it will have limited assurance that its information and systems are being adequately protected against unauthorized access, use, disclosure, modification, disruption or loss," GAO warned.

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.