The Department of Commerce is racing to meet deadlines leading up to the 2020 Census. The numbers produced by the 2020 Census will determine how states are represented in Congress and affect billions of dollars in government funding.
Part of Commerce’s strategy to get an accurate population count is to greatly expand the use of enumerators equipped with mobile devices. This approach makes perfect sense, but it also carries security risks.
The Government Accountability Office is reviewing the 2020 Census on a regular basis. GAO recently reviewed the progress toward ensuring a secure and successful Census given the need to protect the personally identifiable information of millions of American households. That report found 43 vulnerabilities that were deemed “high risk” or “very high risk.”
Census Bureau CIO Kevin Smith, speaking at an August 2018 program management review update, outlined some of the agency’s security plans. Those plans include measures such as engaging in proactive outreach and public service campaigns to raise awareness of threats like compromised websites and devices, and encrypting and minimizing data on respondent devices.
There are two potential challenges with this approach. First, it depends on census-takers following the policies regarding their mobile devices. Second, it relies on the idea that public education of security best practices is enough. In reality, human nature will always tend toward convenience rather than good cyber habits.
Strategies for stopping cyber attacks and data leaks have often relied on the idea that we can simply ban behavior to keep users safe. Unfortunately, research shows that such bans in most enterprise environments lead to employees finding ways to circumvent those controls.
Rather than banning certain behaviors, the government should adopt the necessary security measures available today to ensure that traditional and mobile endpoints are protected against the growing landscape of cybersecurity threats.
The results from a Lookout report earlier this year support this assertion. It surveyed federal IT and security agency personnel, and discovered some disturbing employee behavior around mobile:
● 74 percent of agency respondents said employees add apps to their phones from unapproved app stores;
● 72 percent of respondents said employees “often” connect their personal devices to federal Wi-Fi networks to perform tasks while at work;
● 67.5 percent say they know work email is stored on employee personal devices;
● 47 percent report their employees send work documents to unsecured personal email accounts.
While concerning, these numbers shouldn’t be surprising. It is difficult to enforce mobile security policy on personal devices. To provide the best mobile protection for 2020 Census data collection, a mobile security solution must protect against the spectrum of mobile risk, including threats and risks tied to apps, devices, networks, websites and content.
These advanced solutions can be seamlessly integrated with existing enterprise mobility management and mobile device management platforms to give agencies true mobile protection. Most mobile security providers integrate their various offerings with the leading EMM/MDM platforms, including Microsoft Intune and VMWare AirWatch.
Few federal initiatives are more important or have a higher profile than the decennial census. Since 1790, the enumeration of our nation’s population is used to redistribute political representation, influence and spending. In 2020, mobile technology will play a larger role than ever before.
Education is not enough to ensure mobile security. The Census Bureau would benefit from technologies that can protect against the full spectrum of mobile risk.
Bob Stevens is vice president of federal systems at Lookout.