Cyber and IT challenges remain as Census resumes operations

Census 2020 By Maria Dryfhout Stock photo ID: 790714156 

The IT systems needed to carry out the 2020 census still face numerous testing challenges and unaddressed critical cybersecurity risks, according to a new audit from the Government Accountability Office.

The report details how the U.S. Census Bureau, which has begun resuming its work after halting operations amid the ongoing coronavirus pandemic, faces a range of new challenges and delays caused by the spread of the virus and resulting lockdowns. Those challenges include communicating "timely, clear and consistent" information for continuity of operations plans to local field offices, meeting previously established targets for self-reporting households, maintaining sufficient staffing levels, monitoring ongoing risks to IT systems and managing disinformation and misinformation campaigns.

The bureau had announced it would resume operations at 211 area offices in all 50 states as of May 29. In advance of that, according to an GovWinIQ analysis, 99% of Commerce spending the week of May 17 (totaling $51.2 million) was dedicated to Census operations and COVID-19. Expenditures included advertising services, laptops and disinfectant supplies.

Addressing outstanding cybersecurity weaknesses in systems expected to be used during the census are a top concern. The audit reveals that as of April 2020, the agency was still struggling to implement more than 234 unaddressed remediation plans for "high" and "very high" risk cybersecurity weaknesses in the 52 IT systems that will be used in the census.

Testing schedules for those systems have also been impacted by the pandemic. An official said told auditors that the bureau "was continuing to assess the risks associated with the COVID-19-related schedule changes to the implementation of IT, including the number of enumerator handheld devices expected to be available and the significant contract support required to conduct the 2020 Census."

For instance, the bureau has purchased an additional 125,000 handheld devices in anticipation of hiring more census workers, but it has not conducted testing to ensure that IT systems can handle the increased workload without degrading overall performance. The agency must also reassess its timeframes for reducing contractor-provided IT servers, storage capacity and software licenses in response to schedule delays associated with the pandemic.

The agency must also deal with a wave of disinformation, misinformation and conspiracy theories—often widely shared on social media—about the purpose of the census.

Earlier this year Sen. Gary Peters (D-Mich.), ranking Democrat on the Senate Homeland Security and Governmental Affairs Committee, wrote to the Bureau and executives at Facebook, Twitter and Google, calling such campaigns "a significant threat" to achieving an accurate count.

"These private organizations are in unique positions to support the Bureau's fight against misinformation disinformation throughout the 2020 Census, including during the awareness, self-response and Nonresponse Followup phases," Peters wrote to U.S. Census Director Steven Dillingham in February.

Auditors at GAO share those concerns, and urge the bureau to further strengthen internal processes while continuing to forge relationships with social media partners to remove misleading content.

Compressed timeframes caused by the pandemic are also likely to impact the quality and processing of data used for delivering congressional apportionment and redistricting. During past counts, census operators could make up to six door-to-door visits to collect information from a non-responsive household. Amid the pandemic social distancing guidelines, such efforts "may be less effective" and impact the quality of data for hard-to-count populations.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


  • Cybersecurity
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    NDAA process is now loaded with Solarium cyber amendments

    Much of the Cyberspace Solarium Commission's agenda is being pushed into this year's defense authorization process, including its crown jewel idea of a national cyber director.

  • Defense
    DOD photo by Senior Airman Perry Aston  11th Wing Public Affairs

    How DOD's executive exodus could affect tech modernization

    Back-to-back resignations raise concerns about how things will be run without permanent leadership in key areas from policy to tech development.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.