The U.S. Census Bureau has an ambitious schedule of system updates planned in preparation for the 2020 census. So ambitious, in fact, that lawmakers are worried about its ability to complete it in time.
Because 2020 will be the first time that the Census will rely more upon the internet than paper, the bureau has to test, roll out and connect 52 separate systems, which is a tall order for the agency. At present, only 60 percent of the systems will be ready to test by 2018, a prospect that worries Rep. Mark Meadows (R-N.C.), chairman of the House Oversight and Government Reform Subcommittee on Government Operations.
“According to what you’ve given us, it doesn’t look like you plan to deliver [fraud prevention] until March 2020,” Meadows said during the Nov. 16 hearing. “It’s very troubling, because we’ve got a 2020 go-live estimate, and you’ve got fraud detection systems, the delivery is March 20, 2020. And then we’ve got … real-time non-ID processing, which says basically ‘is this the real person that is actually coming in and filling it out, and you’ve got a delivery of March 20, 2020 on that one as well. How in the world are you going to test something and plan to go live a month after that with those two critical components? I see that as the crux of why we’re here today.”
“We can’t expect to roll out in 2020 and have any integrity,” he added.
John Thompson, the Census Bureau director, answered that the systems themselves will be ready for end-to-end testing in 2018. The schedule indicates that they won’t be completed until just before launch because it accounts for inevitable updates due to the evolving nature and understanding of the cyber threats.
But David Powner, director of Information Technology Management Issues at GAO, is skeptical.
“The bureau has a history of poor IT delivery, and many of the broader IT initiatives this committee is focused on during this Congress are major challenges at the bureau including appropriate CIO authority, delivering incrementally, having the right governance and accountability of IT acquisitions, and securing systems and information,” Powner said.
Powner said that Census has three major priorities: to oversee the readiness of the systems, improve the IT governance, and better manage the interdependencies of the systems. But the main challenge is that Census Chief Information Officer Kevin Smith may not have the authorities he needs to accomplish these tasks.
Meadows addressed that concern with Smith directly.
“Mr. Powner talked about your assurances with regards to a couple of areas where you don’t have the direct authority but believe that you can deliver,” Meadows asked. “How do you do that when things go wrong? My concern is that when everything’s going right, there’s enough people around to take credit. When they go wrong, then all of a sudden there’s a lot of finger pointing. Should we address that now to make sure that you have the ultimate authority as the GAO would encourage you to have?”
Smith said that his control over the acquisitions and governance over the technological solutions would be enough for him to deliver the best outcomes with the least amount of risk.
Smith also laid out the bureau’s cybersecurity precautions, a major concern considering 2020 will be the first census where online and mobile participation will take precedence over paper. He said that Census is already working with the Homeland Security Department, National Security Agency and other Commerce Department agencies to institute workforce cyber training and evaluations, especially geared toward defending against phishing attacks.
Rep. Carolyn Maloney (D-N.Y.) particularly expressed concern about the safety of personally identifiable information based on Census’ reliance on internet in 2020. She said she wants to avoid another breach on the scale of the Office of Personnel Management.
“We’re concerned about phishing attacks,” Powner said. “Also, if you look at it holistically, you have to also secure the mobile devices. We have cloud services we’re likely going to be procuring; we need to ensure there’s the appropriate level of security with the cloud. And then configuring all the 2020 systems … we’re looking at that for you right now.”
He promised to keep the committee updated on the progress of these issues.
“I do think, the folks at the Census Bureau, it’s a high priority for them,” Powner added. “We talked to the contractors there too, it’s one of the high risk areas, so there’s a heavy focus on it right now.”
Smith said that one way DHS and outside contractors are aiding Census in improving their cybersecurity is by running penetration tests on their systems.
“We want to look at how complete those [penetration tests] are,” Powner said.