The Census Bureau is catching up on a backlog of delayed IT rollouts and cybersecurity tests, but officials still have a lot more work to do before they kick off the 2020 count, according to a congressional watchdog.
With the 2020 Census set to kick off April 1, bureau officials are working under the gun to finish standing up and testing the 52 IT systems they’ll rely on to enumerate the population. After budgetary issues initially put the bureau’s IT preparations behind schedule, officials “have made progress” in keeping with their revised deployment timeline, though they’re not in the clear yet, the Government Accountability Office said in a recent report.
Auditors found there are still some 15 systems that risk missing deadlines for development, testing or integration. With Census Day six months away, the bureau doesn’t have much wiggle room in their timelines, and officials could be in trouble if they run into any significant issues during the rollout.
“These 15 at-risk systems add uncertainty to a highly compressed time frame over the next seven months,” GAO wrote in the report. “Going forward, it will be important that the bureau effectively manages system risks to better ensure that it meets near-term milestones for system development and testing, and is ready for the major operations of the 2020 Census.”
The systems in question are involved in numerous parts of the Census process, including data collection, customer support and business operations, auditors said.
The bureau also covered a lot of ground in terms of cybersecurity assessments, completing security tests for 48 of its 52 IT systems by October, according to GAO. However, auditors are still concerned that the bureau hasn’t formalized a process for correcting vulnerabilities uncovered during those tests, Nick Marinos, director of GAO’s IT and Cybersecurity office, said in a conversation with Nextgov.
Though GAO voiced concerns about holes in the bureau’s cybersecurity plans in the past, and Marinos said Census officials still haven’t fully implemented the auditors’ recommendations for ensuring security gaps are properly addressed. While the bureau’s cybersecurity efforts are “going in the right direction,” GAO will continue to closely monitor its risk management plans in the months ahead, he said.
“We’re still waiting to see how things go in the next few months to see whether they can overcome all of the risks,” Marinos said, referring to both the bureau’s IT delays and cyber plans. “I don’t think we’re out of the woods.”
Looking beyond tech, the bureau is also struggling to bring on all the employees it needs to conduct the decennial count. Delayed background checks and high rates of attrition are making it difficult for the bureau to hit its hiring goals, auditors said, though officials are taking multiple steps to close the gap.