History will be made on April 1, 2020. For the first time, the United States Census will offer a full internet response option, in addition to traditional paper responses. The digitization of the census is meant to address the challenges of counting an increasingly large and diverse population, while also complying with strict cost constraints imposed by Congress. But as with most technological breakthroughs, there are plenty of risky implications.
Although a first for the U.S., other countries have hosted censuses online before. Most notably, the 2016 census in Australia involved the country being hit with a DDoS attack that brought down the system for 40 hours and caused a plethora of networking issues.
Luckily, no data was compromised, but as the U.S. gears up for its inaugural online census, there is pressure to get it right. Security experts and citizens alike find themselves asking the tough questions: Do we truly understand the risks involved in an online census? How can we prepare to face potential security concerns, and what happens if we fail to do so?
High Risk, High Reward
It’s critical that both citizens and government agencies are aware of the potential cybersecurity threats that exist with this transition. From compromised respondent devices to disrupted network access and data breaches, there’s plenty of room for error.
Any online operation that is nation-wide, has a strict deadline and involves sensitive data faces some major technical challenges and malicious cyber threats. Given the important implications of the census for the U.S. government and its population, the most immediately concerning are attacks and vulnerabilities that impact the quality or security of the data in inconspicuous ways:
- Spoofing the census website in a handful of regions by attacking the caching name servers and altering some of the responses could pose a significant threat. It is hard enough to spot spoofing of known websites, let alone those we are not used to seeing.
- Compromised network access is a less malicious but still damaging possibility, should the U.S. Census Bureau’s IT infrastructure be lacking. If the infrastructure is not equipped to be secure and reliable, the results of the census could be skewed.
- Data theft isanother threat that would not impede or alter the results of the census, but instead put U.S. citizens at risk. Such a concentrated amount of information on U.S. residents would be valuable to many actors. A breach of this database and theft of data may be timed after the census has concluded because IT personnel may be more likely to let their guards down after a tense period of vigilance.
There are certainly plenty of risks, but there are also steps and precautions that we can take now to keep anticipated threats at bay and ensure an accurate, secure census in 2020.
Hope for the Best, Prepare for the Worst
It’s true that the U.S. Census Bureau has had a decade to prepare, but in today’s cyber landscape, new threats and attack vectors are being developed that can’t always be foreseen. With so much at stake, professionals are working around the clock to identify potential mishaps and develop security strategies and mitigation plans.
In terms of precautions, there are several critical actions that can be taken to protect our data and prepare for a successful and reliable census. First and foremost, we must ensure that our internet service providers are not vulnerable to DNS hijacking attacks and that all collected data is encrypted, both at rest and in transit, in ways that are very difficult to decrypt.
Specifically, making sure the internal and external networks have next generation firewalls and advanced threat protection capabilities will mitigate the risks of compromised network access, impersonation of U.S. Census Bureau websites and data breaches.
In addition to the precautions government entities must take, there is one important thing the average citizen can do to protect their data – be aware of the timelines of the census and suspicious of any phishing emails you receive prior to April 1 or afterwards, asking for similar information as the census. Any email purporting to be from the Census Bureau requesting financial information, social security numbers or specific birth dates, for example, should be reported to the FBI’s internet crime center.
But what happens if we fail to adhere to these precautions? What is the potential fallout?
Addressing the “What ifs”
The census holds extreme importance, in that it helps ensure citizens’ voices are heard and everyone is represented. It has major implications for public decision-making processes, including divvying up seats in Congress, dispersing public funding and planning for Social Security.
If not properly prepared, we risk inaccurate, unclear or untrusted census results. In this scenario, the faulty data would still be used to make decisions on redistricting maps and funding allocations for community services and other crucial programs that citizens need to thrive and prosper.
The Government Accountability Office (GAO) has issued seven recommendations for managing the risk associated with conducting an online census, all of which are key to the program’s success and integrity. However, with just half a year to go until Census Day, it’s time to move beyond recommendations for planning and into action.
By placing a renewed focus on the technology vendors and supply chains being used by government agencies, and educating and preparing citizens across the country, we’ll be well on our way to a successful 24th U.S. Census.