Critical IT Uncertainties Assist in Landing the 2020 Census on GAO’s “High Risk” List

Published: February 23, 2017

CENSUSCloud ComputingCybersecurityInformation TechnologySystems Integration

A combination of new innovations and technologies for the 2020 Census makes the initiative one of three newly added programs to the GAO’s High Risk List.

Every two years, the GAO places programs that are “vulnerable to waste, fraud, abuse, and mismanagement, or that need transformative change” on its High Risk List. This year, the 2020 Census has earned a spot in this worrisome category.

The 2020 Census is expected to be unlike any of its predecessors by incorporating more technology and automation into its process.  No doubt with the large census undertaking set to take place in less than three years, it is these particular innovations and technologies that the GAO wants to keep a close eye on.

According to the latest Census Operational Plan, the following innovations promise to save an estimated $5.3 billion in the upcoming census:

  1. Large scale internet self-response options
  2. Verifying addresses through methods other than canvassing, such as on-screen imagery
  3. Re-designing data collection and automation of a case management system
  4. Utilizing other administrative records and third-party data

With new innovation comes the new technology to support it. Acquiring and operating new and modified IT systems to support technologies such as mobile devices used by field enumerators and the hardware and software used to automate the management of field operations are among the many complexities facing the 2020 Census. Specifically, the GAO pointed to three, what it calls, “critical IT uncertainties” within the entire program that require close attention and reconciliation:

Strength in the management and oversight of all IT programs, systems, and contractors supporting the decennial:

One of the many new redesigns for the upcoming census includes depending on the delivery of various key IT systems by the Census Enterprise Data Collection and Processing (CEDCaP) program. The process for managing the 2020 Census redesign and CEDCaP lacks in dealing with their interdependencies, according to a GAO report issued in August 2016. Such issues include separate dependency schedules, lack of an integrated list of interdependent program risks and establishing key requirements in responses from an address vs. a bureau-issued ID. Strict project monitoring and control in the interdependencies of these two programs will be needed to manage these and other issues with the redesign and CEDCaP.

In addition to providing integration support for the census systems and infrastructure as well as constructing data collection systems, the GAO report cites another three areas in which the 2020 Census is relying on contractors, including:

  1. Developing the IT platform that will be used to collect data from a majority of respondents—by using the Internet, telephone, and NRFU activities
  2. Procuring the mobile devices and cellular service to be used for NRFU
  3. Developing the IT infrastructure in the field offices

Given the extent of this contractor support, the report calls on the Census Bureau to strengthen its management and oversight over all IT systems and agendas to ensure efficiency and success in the program.

Key IT decisions need to be prioritized and made in time for full end-to-end testing in 2017:

According to the High Risk GAO Report, the Census Bureau had 16 IT-related and 32 partially IT-related decisions left to make as of October 2016. Some of the decisions include cloud implementation, including the determination of the readiness of a cloud solution in meeting the 2020 solution architecture needs, according to the bureau’s Enterprise Architecture and Infrastructure Transition Plan.

Moreover, key decisions regarding the exact tools and test materials to be used during integration testing as well as measuring the system workload for those that respond to the census without a bureau-issued ID were still needed to be made.

A dress rehearsal of sorts, the bureau will need these decisions and solutions in place by the 2018 End-to-End Test phase, scheduled to begin August 2017.

Information security risks and challenges need to be addressed to secure the Bureau’s systems and data:

Increased use of systems and data in the 2020 Census will require an increase in security to protect them. In fact, the Enterprise Architecture and Infrastructure Transition Plan states that the “transition to the 2020 Census architecture involves validating the security of nearly 60 systems.” Cybersecurity incidents must be monitored and caught for any of the IT systems used for the census, including the Internet self-response tool, mobile devices for fieldwork, and data processing and storage systems within the agency.

The High Risk report cites that the agency is facing challenges with developing the policies and procedures needed to minimize the threat of data theft in its various systems. Moreover, the level of information that individuals may access is another security factor that must be ironed out by the bureau.  Finally, since the systems to be used for the 2018 End-to-End Test are still being developed, the finalization of security plans for the weaknesses of those systems will face a constrained planning and implementation timeline.

This is certainly not the first time a census has landed in the GAO’s High Risk List. In fact, both the 2000 and 2010 Censuses saw their time on GAO’s “most wanted” list, as I like to call it. However, given the extent of use with new IT systems and technologies in the upcoming count, it will certainly be interesting to see the final cost and outcome the new methods of the 2020 Census will bring.