Skip to main contentSkip to navigationSkip to navigation
Web page of the Australian Bureau of Statistics showing it is unavailable
The Australian Bureau of Statistics was forced to apologise after websites crashed during peak time on census night, which it has blamed on IBM. Photograph: Rick Rycroft/AP
The Australian Bureau of Statistics was forced to apologise after websites crashed during peak time on census night, which it has blamed on IBM. Photograph: Rick Rycroft/AP

Australian Bureau of Statistics lays blame for census bungle on IBM

This article is more than 7 years old

ABS tells Senate inquiry IBM did not properly prepare for risk of a distributed denial of service attack

The Australian Bureau of Statistics has blamed service provider IBM for the disruption that forced the 2016 online census system to be shut down for nearly 48 hours last month, in its submission to a Senate inquiry.

The ABS chief statistician, David Kalisch, says IBM did not properly prepare for the risk of a distributed denial of service (DDoS) attack that triggered the embarrassing shutdown.

The bureau was forced to apologise last month after websites crashed during peak time on census night. At the time, Kalisch said the ABS the site had received a sequence of denial of service attacks emanating from overseas.

A Senate inquiry was later established to investigate what went wrong.

In his submission to the inquiry – published on the Senate website on Friday afternoon but later removed without warning (you can access it here) – Kalisch lays the blame squarely on IBM.

He says IBM had been contracted to host the online census system, and the contract required it to deliver a risk management plan which included the denial of services as a risk that would be mitigated by IBM.

Kalisch says during 2016, ABS sought and received assurances from IBM about “operational preparedness and resilience to DDoS attacks,” and ABS did not independently test the DDoS protections IBM was contracted to put in place because it believed it had received reasonable assurances from the service provider.

“The online Census system was hosted by IBM under contract to the ABS and the DDoS attack should not have been able to disrupt the system,” Kalish says in his submission.

“Despite extensive planning and preparation by the ABS for the 2016 Census this risk was not adequately addressed by IBM and the ABS will be more comprehensive in its management of risk in the future.”

Kalisch also says that over the last 15 years, ABS resources have generally been reducing.

“Its staff numbers have fallen by 14% and the budget appropriation (in real terms) has also fallen by 14%,” the submission says.

“In contrast, the demands on the ABS to properly measure the economy, society and the environment, and respond to the requirements of governments, has increased and become more complex.”

Earlier this month, some Australians who completed the 2016 census were asked to resubmit the form, and the ABS said it was unable to explain the error.

Comments (…)

Sign in or create your Guardian account to join the discussion

Most viewed

Most viewed