As we pass 36 hours since the census site was taken down, Prime Minister Malcolm Turnbull is looking to shift the blame onto the ABS and IBM, the technology giant responsible for the census’ online platform.
Despite little evidence — from services that monitor distributed denial of service (DDoS) attacks globally — that attacks were taking place at the time of the census on Tuesday night, Turnbull has reiterated that the ABS’ decision to take down the site at 7.30pm was after a series of DDoS attacks on the census website during the course of the day. But he told new talkback bestie Alan Jones that DDoS attacks were “highly predictable” and “extremely common” and the ABS and IBM should have been adequately prepared:
“Measures that ought to have been in place to prevent these denial of service attacks interfering with access to the website were not put in place. That was a failure. That was compounded by some hardware failures, and inadequate redundancy … There are clearly very big issues, very big issues for IBM, the systems provider for the census and for the Australian Bureau of Statistics.”
The Prime Minister warned of “very serious consequences” to follow from the failure of the census site and said his cybersecurity adviser, Alastair MacGibbon, would be leading a review into the debacle, predicting “heads will roll” when the review is completed.
The ABS will also have questions to answer. IBM was only awarded the contract at the end of 2014, after the ABS failed to develop its own census platform in-house for the past two years. IBM has reportedly pulled all media advertising until the controversy subsides. The company has also gone to ground, not responding to phone calls and emails from media, including Crikey.
While in damage-control mode publicly, the ABS is also having to manage the fallout from the census debacle internally. According to an ABS insider speaking to Crikey, Chief Statistician David Kalisch held an all-staff session today, in which he went over much of the same detail that was released publicly yesterday. After several DDoS attacks, the attempt for an “Island Australia” approach of blocking all traffic coming outside Australia failed, and management were concerned this failure could lead to a data breach. As a result, ABS management made the decision to pull the plug on the website until it could be secured.
Kalisch told staff the whole incident was “unfortunate” and reiterated public comments that the controversy over the ABS’ decision to retain names and addresses for four years instead of 18 months and the associated privacy concerns had made the ABS a target. He told staff the ABS aimed to be as transparent as possible about the whole disaster. The site will only be restored once given the all-clear by Australian Signals Directorate, IBM and ABS management.
In an email to staff, deputy Australian statistician Trevor Sutton offered ABS staff counselling over the fallout, and said they should be prepared for it to impact on their personal lives:
“As you engage with our stakeholders, providers, users and community members in the coming days, no doubt these challenges will be mentioned and some people may be disappointed, annoyed, frustrated and even angry. Others, of course, will be more considerate.”
One of the biggest communications and operational fails in a long time. However, it’s good to see some signs of internal management and support happening. Well done for that ABS.
IBM was the contractor for the disastrous upgrading of the Queensland Health payroll system.
Government departments are still living in the 1970s when the saying was “nobody lost a job choosing IBM”. IBM although lousy at providing Technology are quite brilliant at getting non technical public servants to sign contracts with no penalties, responsibility or measured outcomes.
Two extremely high profile catastrophic failures for IBM as a provider of Government ICT services.
Who could justify signing them up for another try ?
Josh, you have tried too hard to nail this to the Government. It should be kudos to Turnbull to be tech-savvy enough to know exactly where the blame should lie. It’s refreshing to see the contractors put in the spotlight.
It is worthwhile recollecting the testimony of the Accenture MD in the Qld Health “Royal Commission” where he said that IBM will promise the world but would be unable to deliver.
Well it’s not like we weren’t warned about the outcomes of cuts by the various “evil unions” representing departmental workers. Maybe he’s pointing the finger right where he should be: http://mobile.abc.net.au/news/2014-10-09/abs-staff-say-data-undermined-by-funding-cuts/5801844
Greg Jericho provides some good context here, on the chronic underfunding of the ABS:
https://www.theguardian.com/business/grogonomics/2016/aug/11/lesson-of-censusfail-continued-funding-cuts-mean-agencies-cant-do-their-job