{
"authors": [
"Tim Maurer"
],
"type": "legacyinthemedia",
"centerAffiliationAll": "dc",
"centers": [
"Carnegie Endowment for International Peace"
],
"collections": [],
"englishNewsletterAll": "ctw",
"nonEnglishNewsletterAll": "",
"primaryCenter": "Carnegie Endowment for International Peace",
"programAffiliation": "TIA",
"programs": [
"Technology and International Affairs"
],
"projects": [],
"regions": [
"North America",
"United States",
"Iran"
],
"topics": [
"Security",
"Technology"
]
}
Source: Getty
Hacking or disruptions to the census could have devastating consequences. To prepare, the U.S. government should make protecting the 2020 census from cyberattacks a top priority.
Source: Hill
Malicious foreign attackers interfered in the Australian census three years ago, forcing a system shutdown during prime time for respondents to “ensure the integrity of the data.” The attack cost some $30 million in taxpayer money, caused a big embarrassment for the government, and provided fodder for those who had criticized the census all along.
The United States will conduct its own census next year. Imagine that in early 2020, rumors start to emerge on social media that the census in the United States is a political conspiracy of the Washington elite to control the population. Imagine that when the census takes place, devices used to collect the data stop functioning, data gets leaked, or the data itself gets manipulated. With American society on edge ahead of the 2020 election, such scenarios could have devastating consequences for the census as an institution. The federal government must make protecting the census from cyberattacks a top priority. Senior officials have at times highlighted the topic but preparations are still behind schedule.
The Government Accountability Office warned in its new high risk report that the current 2020 census schedule “lacks a risk assessment” and that 21 of 44 positions remain vacant in the office overseeing the $886 million contract for integrating the information technology systems needed to conduct the 2020 census. Moreover, “nearly 1,100 system security weaknesses” still need to be addressed. It outlines priorities from filling the vacant positions to addressing “cybersecurity weaknesses in a timely manner and ensure that risks are at an acceptable level before systems are deployed.” It echoes concerns voiced by other experts.
The census is required by the Constitution and is critical data for economic policy, health care, representation, and more. For example, census data is used to apportion congressional districts that accurately represent rising and falling state populations. It is also used for allocating federal funding across a wide variety of programs. Census data is not just important to government. Census data is publicly available information that is used by private sector companies as they consider investment opportunities and try to grow their businesses. Time is quickly running out so the federal government and the private sector must take these six actions now to mitigate the multiple risks to the decennial census.
First, the federal government should launch a “hiring sprint” to make resources available to fill vacant positions not only at the Census Bureau but the other agencies whose work supports preparing the 2020 census. Such personnel and their activities across agencies should be considered “essential” so they will not be affected by future government shutdowns. Every week matters to prepare and this cannot be neglected again.
Second, there must be a comprehensive plan in place to test information technology systems and to conduct exercises at a reasonable scale. The 2020 census is a gargantuan modernization exercise and information technology upgrade. Even without any interference, such information technology upgrades are prone to accidental failures and disruptions.
Third, the federal government should have an interagency incident response plan in place that includes the national security community to be ready in case any interference does occur. Interference may not only be direct cyberattacks but malign actors seizing the opportunity of any systems malfunction to undermine trust with social media campaigns.
Fourth, technology companies should be prepared that their platforms may be used to interfere in the 2020 census in ways similar to the 2016 election. They have taken important steps in the past two years, especially ahead of the 2018 midterms, and now in the run up to the 2020 election to avoid a similar outcome. Technology companies should treat any potential interference in the 2020 census with similarly grave concern.
Fifth, the federal government should make clear that it will not accept any interference in the census process. Such a declaratory statement by the top levels of the administration will be a clear warning to deter potential attackers. It would emulate similar statements issued ahead of the 2018 midterms, except in this case trying to prevent interference in the first place rather than avoid a repeat. The administration must be prepared to make good on these threats should an attack come from any adversary.
Finally, the United States should take a leadership role at the upcoming two processes at the United Nations focusing on cyber norms. Protecting the integrity of census data is in the common interest of all countries and provides an opportunity for international cooperation even with countries that are not like minded out of shared national security interest.
It be nice if after years of one surprise cyberattack after another, we could get ahead of the curve and ensure an attack will actually not happen.
Tim Maurer
Former Senior Fellow, Technology and International Affairs Program
Dr. Tim Maurer was a senior fellow in Carnegie’s Technology and International Affairs program.
Carnegie India does not take institutional positions on public policy issues; the views represented herein are those of the author(s) and do not necessarily reflect the views of Carnegie, its staff, or its trustees.
The U.S.–India semiconductor cooperation story is well-stocked with top-level strategic intent. What remains unresolved, however, are some underlying challenges that will determine whether the cooperation actually functions. Three such friction points stand out.
Shruti Mittal
Drawing on ten public discussions from the India AI Impact Summit 2026, this article highlights key outlooks on open source in AI that are likely to shape policy and governance conversations going forward.
Shruti Mittal
This collection of essays by scholars from Carnegie India’s Technology and Society program traces the evolution of the AI summit series and examines India’s framing around the three sutras of people, planet, and progress. Scholars have catalogued and assessed the concrete deliverables that emerged and assessed what the precedent of a Global South country hosting means for the future of the multilateral conversation.
Nidhi Singh, Tejas Bharadwaj, Shruti Mittal, …
On March 10, 2026, India’s Union Cabinet approved amendments to Press Note 3, a regulation that mandated government approval on all foreign direct investment (FDI) from countries sharing a land border with India. This amendment raises questions primarily about whether its stated benefits will materialize and if the risks have been adequately weighed. This piece will address the same.
Konark Bhandari
The induction of INS Aridhaman, which features several technological enhancements, now gives India the third nuclear ballistic missile submarine to ensure continuous at-sea deterrent.
Dinakar Peri