Cyber and IT challenges remain as Census resumes operations

The IT systems needed to carry out the 2020 census still face numerous testing challenges and unaddressed critical cybersecurity risks, according to a new audit from the Government Accountability Office.

The report details how the U.S. Census Bureau, which has begun resuming its work after halting operations amid the ongoing coronavirus pandemic, faces a range of new challenges and delays caused by the spread of the virus and resulting lockdowns. Those challenges include communicating "timely, clear and consistent" information for continuity of operations plans to local field offices, meeting previously established targets for self-reporting households, maintaining sufficient staffing levels, monitoring ongoing risks to IT systems and managing disinformation and misinformation campaigns.

The bureau had announced it would resume operations at 211 area offices in all 50 states as of May 29. In advance of that, according to an GovWinIQ analysis, 99% of Commerce spending the week of May 17 (totaling $51.2 million) was dedicated to Census operations and COVID-19. Expenditures included advertising services, laptops and disinfectant supplies.

Addressing outstanding cybersecurity weaknesses in systems expected to be used during the census are a top concern. The audit reveals that as of April 2020, the agency was still struggling to implement more than 234 unaddressed remediation plans for "high" and "very high" risk cybersecurity weaknesses in the 52 IT systems that will be used in the census.

Testing schedules for those systems have also been impacted by the pandemic. An official said told auditors that the bureau "was continuing to assess the risks associated with the COVID-19-related schedule changes to the implementation of IT, including the number of enumerator handheld devices expected to be available and the significant contract support required to conduct the 2020 Census."

For instance, the bureau has purchased an additional 125,000 handheld devices in anticipation of hiring more census workers, but it has not conducted testing to ensure that IT systems can handle the increased workload without degrading overall performance. The agency must also reassess its timeframes for reducing contractor-provided IT servers, storage capacity and software licenses in response to schedule delays associated with the pandemic.

The agency must also deal with a wave of disinformation, misinformation and conspiracy theories—often widely shared on social media—about the purpose of the census.

Earlier this year Sen. Gary Peters (D-Mich.), ranking Democrat on the Senate Homeland Security and Governmental Affairs Committee, wrote to the Bureau and executives at Facebook, Twitter and Google, calling such campaigns "a significant threat" to achieving an accurate count.

"These private organizations are in unique positions to support the Bureau's fight against misinformation disinformation throughout the 2020 Census, including during the awareness, self-response and Nonresponse Followup phases," Peters wrote to U.S. Census Director Steven Dillingham in February.

Auditors at GAO share those concerns, and urge the bureau to further strengthen internal processes while continuing to forge relationships with social media partners to remove misleading content.

Compressed timeframes caused by the pandemic are also likely to impact the quality and processing of data used for delivering congressional apportionment and redistricting. During past counts, census operators could make up to six door-to-door visits to collect information from a non-responsive household. Amid the pandemic social distancing guidelines, such efforts "may be less effective" and impact the quality of data for hard-to-count populations.