In the wake of increased concerns over the vulnerability of government data to cyber hackers, the Government Accountability Office (GAO) recently released a troubling assessment of the Census Bureau’s information security controls. The 47-page report focuses on the Bureau’s internal processes and controls over its vast computer and database network. That network is literally home to thousands of gigabytes of personal data from Americans, and the GAO makes the case in the report that much of it is vulnerable due to poor internal security controls.
The report notes the lack of a “separate dedicated network” for network devices, which makes them more vulnerable to a cyber-attack on the general network, and such an attack could go undetected. In addition, “The network intrusion detection system also did not cover several key segments of the network and was running at or beyond its design capacity.” The report documents unsecured passwords, weak password guidelines and encryption keys with no password protection. Low-tech security was compromised as well: “one facility routinely disabled the use of access readers.”
In all, the Bureau failed to implement 11 out of 13 “leading practices” for information security as identified by the GAO.