The United States Census has been administered decennially since 1790. This year marks the first year the census can be completed entirely online. In the beginning, there were no policies or laws restricting information sharing. Public opinion on the issue rapidly changed as privacy became a social issue for people and organizations. The U.S. moved to prevent sharing of private information by regulating and punishing direct disclosure. However, indirect exposure has risen with the development of technology and is a prominent issue in our modern world.
External Security Threats
Compromised Respondent Devices
Limiting human error within a secure environment can decrease the risk of a breach significantly. Regarding the Census, Kevin Smith, the Census Bureau’s Associated Director for Information Technology, has stated, “The census is not storing any data on your respondent device, to submit data to the internet self-response tool.” Without the need to encrypt sensitive data on your device, the Bureau instead encrypts it once you submit your data, and when they receive it, making it so that all of your data is protected behind the Bureau’s security.
Impersonation of the U.S. Census Bureau
Proactive identification of rogue websites impersonating the Census Bureau’s website is a priority for the Bureau. This process can be made more efficient with collaboration efforts taking place between government agencies. After identification of these websites, the sites are taken down through federal processes which results in closure. However, these processes take time; therefore, it’s imperative that communication alerting the existence of these websites is made clear in efforts to educate the public. If you suspect that a website may be impersonating the Census Bureau’s site do not use the site. Only https://www.census.gov/ should be used when referencing the official Census Bureau.
Internal Security Threats
Census integrity relies heavily on data security, as a result, the Bureau has implemented mitigation techniques against external threats to prevent data loss or theft. Internal data breaches are more difficult to defend against, subsequently the Bureau monitors their databases constantly. To increase security and discover vulnerabilities before threat actors, they perform routine penetration tests. The encryption practices used with respondent devices also contribute to database security. Overall, the security of census data relies on the Census Bureau’s ability to discover, and patch vulnerabilities in a timely manner. To learn more about how penetration testing can protect your city, visit NuHarbor Security’s website.
The Future of Census Security
Continued technological integration into census systems will likely increase security threats in census databases. The Census Bureau is interested in exploring several cybersecurity solutions in the next decade. For example, the agency wants to move toward real-time cybersecurity assessments and transition off of point-in-time assessments. In May, the Bureau released a Request for Information (RFI) regarding cybersecurity solutions stating:
“Through the use of next generation artificial intelligence and machine learning, the goal is to establish near real-time situational awareness of high value technology and information assets,” the RFI states. “This approach reduces dependencies on point in time assessments while increasing continuous monitoring capabilities.”
The agency has the intent to contract continuous monitoring services for its network security and proactive cyber defense. Penetrative testing across all environments and cyber threat intelligence are also services the agency is interested in incorporating into its cybersecurity strategy, according to the RFI.
The security of census data affects all Americans, and it is important to ensure that the information collected for citizens is safe, to enable privacy and security. To learn more about the census, visit: https://www.census.gov/.