Submitting OIG:
Report Description:
For our evaluation of the U.S. Census Bureau's (the Bureau's) cybersecurity posture, our objective was to determine the effectiveness of the Bureau’s
cybersecurity posture against a simulated real-world attack. To do this, we conducted a covert
cyber red team with six goals tailored to relevant risks. We found that the red team was able to gain unauthorized and undetected access to a Bureau
domain administrator account as well as personally identifiable information of Bureau
employees; reduce the Bureau’s defensive options; use insecure programs to send fake emails; and carry out several
malicious actions that identified 11 security weaknesses.
Short / Alternative Report Title:
Simulated Internal Cyber Attack Gained Control of Critical Census Bureau System
Date Issued:
Tuesday, November 22, 2022
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
OIG-23-004-I
Component, if applicable:
U.S. Census Bureau
Location(s):
Agency-Wide
Type of Report:
Inspection / Evaluation
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
10
View Document:
Attachment | Size |
---|---|
OIG-23-004-I-Final-REDACTED.pdf | 3.78 MB |
Additional Details Link: