
2020 US Census Plagued By Hacking Threats, Cost Overruns (reuters.com) 66

Reuters reports: In 2016, the U.S. Census Bureau faced a pivotal choice in its plan to digitize the nation's once-a-decade population count: build a system for collecting and processing data in-house, or buy one from an outside contractor. The bureau chose Pegasystems, reasoning that outsourcing would be cheaper and more effective. Three years later, the project faces serious reliability and security problems, according to Reuters interviews with six technology professionals currently or formerly involved in the census digitization effort. And its projected cost has doubled to $167 million -- about $40 million more than the bureau's 2016 cost projection for building the site in-house. The Pega-built website was hacked from IP addresses in Russia during 2018 testing of census systems, according to two security sources with direct knowledge of the incident. One of the sources said an intruder bypassed a "firewall" and accessed parts of the system that should have been restricted to census developers. "He got into the network," one of the sources said. "He got into where the public is not supposed to go." In a separate incident during the same test, an IP address affiliated with the census site experienced a domain name service attack, causing a sharp increase in traffic, according to one of the two sources and a third source with direct knowledge of the incident.
  • by butchersong ( 1222796 ) on Wednesday December 04, 2019 @11:20AM (#59484294)
    • Yeah, currently there are people that walk around, going house to house asking for the number of people in your house. They have a clipboard and are very swift and kind. This happens once every 10 years.

      But now they're wanting to digitize the whole affair. Seems like they're trying to fix something that's not broken, and that never ends well.

      • Yeah, currently there are people that walk around, going house to house asking for the number of people in your house. They have a clipboard and are very swift and kind. This happens once every 10 years.

        But now they're wanting to digitize the whole affair. Seems like they're trying to fix something that's not broken, and that never ends well.

        Well, especially these days...I dunno if I'd want to be out walking around in many neighborhoods, especially without being armed.

        Places in Chicago and Baltimore imme

      • Some people don't live in houses / apartments, etc.
  • Can't we require good ol' FB, Google, and NSA to just give us this breakdown?

    They clearly know with better accuracy at this point. And I'm sure they would provide the census info for a mere billion.

    • If the targeted ads I get are any example, FB and Google don't really know that information too well.

      Local Restaurant chain 150 miles away. (Probably based on the location of my ISP)
      Targeted Political ads from a party that I do not belong to and often actively oppose. (Perhaps because I watch Wood Working Videos (That don't cover politics))
      Assumes that I have children.... (As I look at friends and family, family pictures?)

      My online social media presence, I keep rather reserved. Making it difficult fo

  • The Pega-built website was hacked from IP addresses in Russia during 2018 testing

    Test 1.0: "F-"

  • by pgmrdlm ( 1642279 ) on Wednesday December 04, 2019 @11:29AM (#59484324) Journal
    Now that makes me wonder if this was an existing firewall that this site was added to, or a new one specific to the application. If it is an existing firewall, what else were the intruders able to get access to?

    Better question. Why was a test site open to the internet? They can do virtual networks and do testing as if it was a real world environment.
    • Census takers will probably be inputting directly into a centralized database using handheld devices across the internet. How do you test that without opening it to the internet?

      • Well, in that I work for a company that has mobile devices in the field I help support. Their primary communication when in the field is through Verizon over a VPN. But they can also connect when at the shops via wifi. I still don't understand why testing with mobile devices would require open internet connections. At least in the initial phase. Not trying to be a smart ass, just asking.
        • by pnutjam ( 523990 )
          VPN can't connect from public hotspots without passing the "authorization" page that many public sites use. To allow this, you have to allow local access without the vpn.
      • The devices have VPN software with two-factor authentication to connect to the site. Yes, having a VPN open is a port open to the internet and a possible threat point. However, it is way more secure than having a web site public to the internet.

        A public website is like locking your doors on your car. A VPN is locking your car doors while in a locked garage.

        What can make it more secure is the VPN will only allow particular MAC addresses to connect.

        • I don't know anything about the census software but knowing how our government works in general it wouldn't surprise me one bit if the system was a simple http form that dumped info to a .csv file and the vendor charged $150 million for it.

          • by Dunbal ( 464142 ) *
            Naw, the CSV version was only $50 million. The government went all out with $150 million to get the json version.
        • What can make it more secure is the VPN will only allow particular MAC addresses to connect.

          Well, MACs are pretty easy to spoof.

          Just have folks sniff the signals near any Census types carrying their devices and find the MACs they're using might be one method.....

          • That+Plus Encrypted Login to a VPN+Second Factor Authentication+Finding the internal server connection+Login and Password to that.

            There is no fool proof security system that is functional. However you can make it difficult and expensive to break in.
            To have folks sniff nearby signals to copy the MAC address is already an expensive undertaking.

        • What can make it more secure is the VPN will only allow particular MAC addresses to connect.

          Along with the use of client certificates and strong ciphers.

      • They can connect to a WiFi AP set up on the outside of the firewall on the test system.
  • by barakn ( 641218 )

    Why is "firewall" in quotes?

    • Because it's not made of fire, duh.
      • https://www.youtube.com/watch?v=Y47G-Wa4qfs/ [youtube.com]

        Lyrics
        Hey, now, huh-huh
        Hey, hey, hey, no, (Ow, now)
        Hey, now, huh-huh
        Hey, hey, hey, no
        Fire (uh) (uh)
        Fire (It's all about) (Uh, uh)
        Fire (Woo, woo, woo)
        Fire
        The way you walk and talk really sets me off
        To a fuller love, child, yes, it does, uh
        The way you squeeze and tease, knocks to me my knees
        'Cause I'm smokin', baby, baby
        The way you swerve and curve, really wrecks my nerves
        And I'm so excited, child (Yeah), woo, woo
        The way you push, push let's me know t

  • This can not be done with generic computers and OS.
    Computers, and the internet, are designed to be open. It's built into their most basic concept.

    If we want to go electronic, we need a custom OS, on custom boxes, and a non internet delivery system of data.
    Good news, the system doesn't need to be complex since all they will do is run a completely custom machine and only need to handle vote counts.
    No need for complex video drivers, no need for any sounds outside of a beep, and so on.
    Less complexity, fewer vectors for attack.

    Components need to be simple and made by an evaluated and trusted company, manufactured here in America.

    It needs a separate system hard wired to compare a 'md5' of the OS every minute.
    The ONLY thing that can be written to needs to be the vote count.
    And it needs to be made by a non partisan transparent government agency.

    Then users should get 2 receipts, one for a box and one to compare vote.

    And that's just the start.

    • This can not be done with generic computers and OS.

      That's as may be, but why are you talking about voting? The article is about census taking.

    • If they aren't allowed to ask if they are US citizens... does it really matter?

  • by geekoid ( 135745 ) <`moc.oohay' `ta' `dnaltropnidad'> on Wednesday December 04, 2019 @12:26PM (#59484490) Homepage Journal

    " reasoning that outsourcing would be cheaper and more effective."

    It never is, long term. Short term? perhaps, but we are talking about the government, so long term is critical; which is why it should be developed in house.

    I've been through many projects where a government agency is 'upgrading' away from mainframes into something like SAP or Oracle.
    Every time, the cost exceeded updating the mainframe within 5 years.
    With less reliability in the system, more maintenance, and vendor support is a toss of the dice.

    Outsourcing is great for a company that has bonus-driven executives that go away after 3-5 years.
    Well, great for them, not for the company, long term.

    • Aside from most large software projects going over budget and failing to be fully completed in time, a fair chunk of the time outsourcing these government projects is just an excuse to give a contract to one's political donors or friends so there's always a chance that the project is there to pick the pockets of the American taxpayer for the benefit of a few individuals. Even when you don't have those situations there are always plenty of companies that realize that government will just continue to throw mo
      • For that matter, they could probably just ask Google which most likely has all of the data that census bureau cares about anyways. Between them Facebook and Amazon I wouldn't be surprised if you could put together a scary accurate profile of 90% of the country.

        90%? Who are these amazing secret agent 10% who have managed to escape the gaze of the all-seeing eye?? There definitely aren't that many Amish in the country.

  • by WoodstockJeff ( 568111 ) on Wednesday December 04, 2019 @12:46PM (#59484574) Homepage

    Constitutionally, the Census is to count how many people live where, to use in making sure that the House of Representatives is appropriately representing the people. THAT information does not need a lot of security, other than making sure it is not contaminated.

    HOWEVER, we are now getting asked things that aren't so generic. What sex are the people in the household? What are their ages? What is their racial makeup? Marital status? This information is sensitive enough to warrant heightened security.

    Of course, it's also the information needed to gerrymander districts to make sure certain groups get control over as many people as possible...

    • Describe “now”. Those kinds of questions have been asked for the last 2 censuses. Marital status, by the way, is not asked directly. It is indirectly asked through relationship to Person 1. The new question which the Trump Administration wants to ask is the citizenship status of each person in the household, which courts have ruled that they cannot ask without justification. When asked to present justification, the administration simply folded.
      • The new question which the Trump Administration wants to ask is the citizenship status of each person in the household, which courts have ruled that they cannot ask without justification.

        I don't understand WHY that question got turned down or they folded.

        Asking citizenship is NOT a new question....it had been asked on many censuses in the past, only on relatively recent ones had it been dropped, but historically it had been used before.

        And really it makes perfect sense to use it, I mean it is FOR knowing

        • Asking citizenship is NOT a new question....it had been asked on many censuses in the past, only on relatively recent ones had it been dropped, but historically it had been used before.

          Describe “recent”. On the short form, the last time citizenship question was asked was 1950. The long form had it as recent as 2000; however, the long form asked for everything including household plumbing.

          And really it makes perfect sense to use it, I mean it is FOR knowing where US citizens live and how best to represent them, no?

          1) The Constitution specifically calls for a count of "persons" not citizens. 2) The count of persons helps to determine resource allocation not just vote distribution. Counting only citizens will undercount. Case in point, one of my friends, Bob (not his real name) is from England and is here

  • Wow, they're going to be spending $40M more than projected....

    Which will amount to 0.004% of this year's deficit. The Census Bureau obviously isn't managing to hold up its proper share of Washington's spending.

    Rather more seriously, there are ALWAYS cost overruns on US Government projects, quite possibly because they have an unlimited amount of money to spend, so no one cares....

    Note that if you can just create more money when you spend more than you take in in taxes, you effectively have an unlimited am

    • by AK Marc ( 707885 )
      Odd. The Constitution I have allows the president to veto spending bills he doesn't like. What's yours say about the veto?
  • undoing a wrong moderation
  • No, the Census Bureau isn't mandated in the Constitution. Counting the people at least once every 10 years is mandated. Simply counting them all once a day would satisfy the Constitution, and have the number of representatives set for the number counted on January 1 of an election year.

    Also, if you want to piss off a White Supremacist, note the Constitution requires counting "residents". Not "citizens", not "legal residents". So constitutionally, you must count illegal aliens. Trying to scare them off
    • Screw off with your white supremacist bile. I've never met a legal immigrant who was in favor of illegal immigration and half of my family are immigrants. It is important to know how many illegal immigrants are in the country. Why do you oppose this?

  • They start by hiring anyone they can find for a limited gig. Then they somehow rank order them and put the least competent ones at the top and go down from there. You might think I'm kidding, heck, I would think I was kidding, but, while it may not be exactly what they are trying to do, it is what they do, more often than not.
  • The US government should always do its own software and systems in house, but almost never does. All third party software can and will be hacked, can and will have compatibility problems with other software. The one example I can cite of a government agency doing something right is the Vista system at the VA, which is in no way connected to Windows Vista. It is the one medical records system users don't hate, as doctors and nurses were involved in its development. It was never an approved project, and they
