2020 US census plagued by hacking threats, cost overruns

In 2016, the US Census Bureau faced a pivotal choice in its plan to digitize the nation’s once-a-decade population count: build a system for collecting and processing data in-house, or buy one from an outside contractor. The bureau chose Pegasystems Inc, reasoning that outsourcing would be cheaper and more effective. Three years later, the project faces serious reliability and security problems. And its projected cost has doubled to $167 million — about $40 million more than the bureau’s 2016 cost projection for building the site in-house. The Pega-built website was hacked from IP addresses in Russia during 2018 testing of census systems. In a separate incident during the same test, an IP address affiliated with the census site experienced a domain name service attack, causing a sharp increase in traffic. Both raised alarms among census security staff about the ability of the bureau and its outside security contractor, T-Rex Solutions, to defend the system against more sophisticated cyberattack. One of the sources with direct knowledge of the hack involving Russian IP addresses described the internal Census Bureau reaction as a “panic.”