Making sure the 2020 census remains accurate and trustworthy is a top priority for the Department of Commerce. To that end, the Census Bureau is implementing technology to streamline collating the data. With new technology comes new issues, and according to a new report from the Department of Commerce’s Office of Inspector General, this program has a few. Fred Meny, assistant inspector general for audit and evaluation at Commerce OIG, says that the bureau has some cybersecurity problems they need to look into.
“Our first finding in the report really focused on not understanding what is actually involved from the bureau’s standpoint with regard to securing root user accounts. These root user accounts, are unlimited accounts that have privileges where you can go modify any other environment that is hosted on a cloud. The problem that we found was that the root user keys had been lost,” Meny said. “In other words, the GovCloud environment has a reseller who sells these keys to the federal agencies and then you create other accounts for administrators and so on and so forth for privileged use. The original keys, some going back two years prior to the start of our work, had not been found. Not knowing where those keys were, laid the potential for anyone that would find them… to go in and modify and make changes which would have potentially [put the census] at a catastrophic risk.”