The US Census Bureau has been heavily criticized by a government inspector after a 2020 breach which could have been prevented by prompt patching.
Although the attacker was not able to access servers used for the 2020 census, they could modify user account data to prepare for remote code execution, according to the US Office of Inspector General (OIG) report.
Fortunately, the attacker’s attempt to maintain access to the system by creating a backdoor was unsuccessful, thanks to the Bureau’s firewalls. However, the report highlighted a string of failures by the Bureau, which directly led to the attack and complicated incident response efforts.
First, it failed to patch a critical vulnerability on its remote access servers that was exploited by the attacker, despite the vendor publishing a fix more than three weeks earlier.
Second, it failed to promptly discover and report the incident because its SIEM was not set up to analyze suspicious activity in real time. That created a delay of two weeks before the incident was detected.
Third, an incident investigation was hindered because none of the Bureau’s remote access servers sent system logs to its SIEM platform.
According to the report, the organization also operated servers no longer supported by the vendor and did not prioritize decommissioning these, further exposing it to attacks.
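The two gaps above, remote access servers that never forwarded logs to the SIEM and unsupported servers left in service, are the kind of thing a periodic inventory check catches before an incident response needs the logs. The following is an added example, not code from the report or the Bureau: it joins a constructed asset inventory against a constructed SIEM "last event received" table and flags hosts that have gone silent or are past vendor support. Host names, dates and the one-hour silence threshold are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed asset inventory (hypothetical hosts; nothing here is from the OIG report).
INVENTORY = [
    {"host": "ra-gw-01", "role": "remote-access", "vendor_support_end": "2024-12-31"},
    {"host": "ra-gw-02", "role": "remote-access", "vendor_support_end": "2024-12-31"},
    {"host": "web-03",   "role": "web",           "vendor_support_end": "2019-06-30"},
    {"host": "db-01",    "role": "database",      "vendor_support_end": "2025-01-01"},
]

# Constructed SIEM log-source table: host -> timestamp of the last event it sent.
# Note that ra-gw-02 is absent entirely: it has never been onboarded as a log source.
SIEM_LAST_SEEN = {
    "ra-gw-01": "2020-01-12T09:05:00",
    "web-03":   "2020-01-12T09:10:00",
    "db-01":    "2020-01-11T22:00:00",
}

# Constructed "current time" for the audit run.
NOW = datetime(2020, 1, 12, 9, 30)


def audit_log_coverage(inventory, last_seen, now, max_silence=timedelta(hours=1)):
    """Return (host, reason) for every inventoried host that has not sent the SIEM
    an event within max_silence. A host missing from the SIEM table is the worst
    case: it was never forwarding at all, so an intrusion there leaves no trail."""
    silent = []
    for asset in inventory:
        seen = last_seen.get(asset["host"])
        if seen is None:
            silent.append((asset["host"], "never forwarded logs"))
            continue
        age = now - datetime.fromisoformat(seen)
        if age > max_silence:
            silent.append((asset["host"], f"silent for {age}"))
    return silent


def audit_vendor_support(inventory, now):
    """Return hosts whose vendor support has ended: decommissioning candidates
    that will never receive a patch for the next critical vulnerability."""
    return [a["host"] for a in inventory
            if datetime.fromisoformat(a["vendor_support_end"]) < now]


if __name__ == "__main__":
    for host, reason in audit_log_coverage(INVENTORY, SIEM_LAST_SEEN, NOW):
        print(f"LOG GAP     {host}: {reason}")
    for host in audit_vendor_support(INVENTORY, NOW):
        print(f"UNSUPPORTED {host}: past vendor support end date")
```

In a real deployment the inventory and last-seen table would come from the CMDB and the SIEM's log-source API, and the remote-access role would be treated as highest priority since that is where this intrusion began.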
Finally, the Census Bureau didn’t hold a formal “lessons learned” session with incident responders and other stakeholders, which could have improved its processes in preparation for future breaches.
The Census Bureau welcomed the feedback from the OIG and repeated that “no systems or data maintained and managed by the Census Bureau on behalf of the public were compromised, manipulated, or lost because of the incident highlighted in the OIG’s report.”