Census' Cybersecurity Plan is Full of Holes, Watchdog Says

[InfoSec News <alerts () infosecnews org>]

https://www.nextgov.com/cybersecurity/2019/06/census-cybersecurity-plan-full-holes-watchdog-says/157444/

By Jack Corrigan
Staff Corresponden
Nextgov
June 3, 2019

Federal auditors uncovered numerous holes in the Census Bureau’s plans for 
combating the significant cybersecurity and tech threats facing the 2020 count, 
which could leave officials struggling to respond to disruptions.

The Government Accountability Office found the bureau’s plan for mitigating 
cybersecurity risks during the 2020 Census left out many of the defensive 
tactics officials previously said they would use to defend IT systems from 
attack. For example, the initial plan included no information about how the 
bureau would gather threat intelligence from other federal agencies, something 
officials had long said they planned to do, auditors said in a report published 
Friday.

After GAO pointed out the omission, Census officials updated the plan to 
include threat sharing activities, but it remains “just one of several 
[cybersecurity] services” other agencies are expected to perform on the 
bureau’s behalf, auditors said.

“If the bureau’s plan for mitigating cybersecurity risks to the census omits 
such key activities, then the bureau is limited in its ability to track and 
assess those activities, and to hold individuals accountable for completing 
activities that could help manage cybersecurity risks,” they wrote.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_