Posted by Guest on July 15, 2019 in Blog
In 2016, the Australian Census was disrupted by a distributed denial of service (DDoS) attack from overseas. DDoS attacks happen when an attacker seizes control of a large number of computers and other internet-capable devices, then directs them to send requests to a website. This overwhelms the website and prevents it from handling normal traffic, so real users cannot access the website. According to the Australian Bureau of Statistics, the agency was able to successfully prevent three DDoS attempts earlier in the day but decided to close the website after a fourth attack to prevent data breaches, leading to an additional cost of $24 million, or roughly 4% of the total Australian Census budget.
Given how common DDoS attacks are – over one third of US businesses experienced a DDoS attack in 2017 – Census Bureau officials are concerned about a similar attack on the 2020 United States Census. Additionally, census officials expect that over 60% of respondents will answer the census online. Given the total US population, it may be possible for real residents responding in good faith to overwhelm the census by themselves, potentially causing issues similar to those seen during the launch of Healthcare.gov in 2013. To mitigate this, the Census Bureau is working to ensure that the Census website can handle large volumes of traffic. Based on statistical models and dress rehearsals, the Bureau anticipates that approximately 120,000 legitimate users will be filling out the census online at any given time, and has built its website to support 600,000 users at once.
Furthermore, having the census be primarily completed online can be a technological roadblock on its own. Broadband internet access is unequally distributed, with urban communities having better access than rural communities and white households having better access than Black or Latino households. The Census Bureau also has not released any information about how the Census form will work on mobile browsers, although mobile devices are often the only computers to which low-income households have access.
While denying respondents the ability to answer the census is not directly disinformation, failures of the census site could reduce trust in the Census and fuel disinformation from groups who want to discourage responses to the count.
A proactive approach to cybersecurity is also necessary to protect respondents from theft of their personally identifiable information. The Census Bureau has gone on record as saying that its cybersecurity program is robust, but that it will not release details to the public, as that could make its security measures less effective. However, the Government Accountability Office placed the 2020 Census on its list of high-risk projects: as of December 2018, GAO reported that there were approximately 1,100 security vulnerabilities left to fix, down from 3,100 in June 2018. By April 2019, the number of vulnerabilities had fallen to 500. The Census Bureau is continuing to fix vulnerabilities, but GAO is urging it to implement further cybersecurity protocols to reduce the risk of a data breach.
As we said in our second blog post in the series, actual failure may not be as important as perceived failure. When it comes to cybersecurity, the Census Bureau must take a strong stance to ensure not only that all respondents are comfortable and safe while responding online, but that they feel comfortable and safe as well.
All posts in this series are guest authored by Summer 2019 Ph.D. Fellow Emma Drobina.