Cybersecurity

Census servers hacked in 2020

Census 2020 By Maria Dryfhout Stock photo ID: 790714156 

Hackers targeted remote servers at the Census Bureau in January 2020, taking advantage of a publicly available and known exploit to gain access to government systems and create user accounts, according to a watchdog report released this week.

The Inspector General at the Department of Commerce reported that hackers were in the Census system for more than two weeks before being detected, in part because an automated cybersecurity tool was not configured to deliver alerts to incident responders. The attackers were blocked from communicating from the Census servers to their own system due to the bureau's firewalls. However, the bureau’s server logs may have delivered inaccurate information to security operations personnel that may have delayed a timely response, according to the report.

There were additional delays in communicating with the Cybersecurity and Infrastructure Security Agency, which is the lead agency for federal civilian government networks.

The report indicated that regular vulnerability scans of the remote-access servers were not being conducted as recommended under guidance from the Department of Homeland Security's Continuous Diagnostics and Mitigation program.

No census data was accessed in the exploit, the report states. The servers were used by bureau employees to access agency production, development and lab networks.

The report found that Census tech personnel missed the chance to reconfigure the servers ahead of the hack. The vendor (which is unnamed in the report) released a mitigation plan three weeks before the hack took place. The timing and some of the details in the report suggest that the vulnerability in question involved the Citrix Application Delivery Controller.

The servers in question were just a year away from their end-of-support date when the hack took place, and OIG auditors found that all of these servers (the number of servers is redacted in the report) were still online in February 2021.

In reply comments, sent under the signature of Ron Jarmin, acting director of the Census, the agency noted that a patch was not available for the vulnerability right away and that "in mid-January concern escalated when it was discovered that the vulnerability was being actively exploited." At that point, CISA launched an incident response effort, and bureau staff "reacted expeditiously" to CISA's guidance.

Census also noted that "a dependency on Citrix engineers (who were already at capacity supporting customers across the federal government who had realized greater impacts from the January 2020 attack" slowed the bureau's ability to migrate to newer hardware.

The agency acknowledged in reply comments some weaknesses in its formal incident response and after-action review, but noted that it made "numerous improvements … as a result of informal lessons learned following the January 2020 incident."

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

Stay Connected