The U.S. Census Bureau has refuted an Office of the Inspector General report detailing the bureau's cyber vulnerabilities based on a recent "red team exercise," according to The Record, a news site by cybersecurity firm Recorded Future.
Such an exercise conducted by the Census Bureau reportedly allowed red teamers to gain unauthorized and undetected domain administrator access to employees' personally identifiable information, including names, home addresses, and Social Security numbers, the redacted OIG report revealed. The Census Bureau was also found to have used "insecure programs" and to have 11 security weaknesses.
"The hackers' success came from exploiting a known vulnerability, and our office reported on this incident in an August 2021 report. In light of that incident, we launched a cyber red team to provide a realistic assessment of the Bureau's susceptibility to advanced cyber threats," said the OIG.
However, according to a spokesperson, the Census Bureau's system was not accessed during the simulated attack.
"During this exercise, the security firm identified areas of improvement and we are already taking action to make our robust cyber network even stronger. The bottom line: the contracted security firm was unable to access our system until we gave the red team the necessary access to complete the assessment," said the Census Bureau spokesperson.