Census taps Mandiant for cyber assessment
The Census Bureau selected a vendor on a sole-source basis to assess its vulnerability -- and announced plans to hire a CISO.
The Census Bureau wants its computer networks assessed for indicators of compromise to determine steps needed to secure and prevent potential breaches, and has awarded a contract for the evaluation.
The bureau, which plans to employ an unprecedented scale of technology for its 2020 operation, has selected Mandiant on a sole source basis to conduct a cybersecurity assessment.
As the principal source of population, economic and demographic statistics, the census possesses sensitive personal information of respondents, and the theft of that information could negatively impact citizens' willingness to participate in future enumerations.
Mandiant, a FireEye subsidiary primarily focused on cyber forensics and incident response, was selected due to its analytical capabilities and unique familiarity with FireEye products.
The Bureau told FCW the independent assessment was part of its annual requirements for continuous monitoring.
"There have been no identified breaches or attempts detected," a bureau spokesperson told FCW via e-mail. "This cyber-security assessment is an annual cyber-security requirement that is conducted for information systems. It is unrelated to the 2020 Census."
The statement of work outlines the requirements of the contract.
Mandiant, using its own personnel, equipment and resources, will conduct a two-pronged compromise assessment of the Census Bureau's computer systems.
The assessment will analyze the bureau's network traffic and host systems for potential points of vulnerability, inspect each computer system for any indicators of compromise and report progress and findings through daily status reports.
At the conclusion of its assessment, Mandiant will be required to issue an executive summary of actions taken, a remediation plan consisting of short- and long-term recommendations, as well as lists and investigative reports detailing any incidents found to have taken place.
The monetary value of the contract -- a one-year, fixed-price deal that goes into effect Sept. 1 -- was not disclosed.
Additionally on the cybersecurity front, the bureau announced it is looking to hire a chief information security officer, and is accepting applications through Sept. 2. The senior executive service job pays up to $185,100.