UPDATE #Censusfail inquiry: ABS submission back online

Public submissions to the Senate inquiry into the debacle of the 2016 Census reveal that the government still doesn't know who carried out the cyber attacks that forced the website to be shut down and that the Bureau of Statistics received 'various assurances' from IBM about the website being able to withstand any such attack.

ABS Census of Population and Housing website

(AAP) Source: AAP

The Parliamentary Senate Inquiry investigating the failures of the 2016 Census needlessly took down the Australian Bureau of Statistics' submission last Friday out of an abundance of caution.

The Standing Committee on Economics received the 123-page submission on Friday afternoon, but within hours of it being published and reported upon, it disappeared from the website.

The Committee office confirmed that there were concerns that the ABS report - which pointed the finger at service provider IBM - contained confidential material that should not have been published.
But the office today told SBS News that on reflection this was not the case, and the report is now back online unamended.

Taking it down was labelled an "administrative error" by the Senate committee office, not because of any request from ABS or any other parties.

In the long and detailed submission, the ABS insisted that it received assurances from computer giant IBM that the Census website would be able to withstand any so-called denial of service attacks.

However on Census night, August 9th, the website went down, frustrating millions of Australians and humiliating the ABS and the Federal Government, which had already been fighting off concerns about data protection and privacy for taking the census online.

It emerged the next day that the website was the subject of several Distributed Denial of Service attacks, which could have been "potentially malicious", forcing the ABS to deliberately shut down the site to protect people's sensitive data.

The ABS said that the website didn't crash "due to the load from legitimate Census submissions... well within the design load for the system".

However, the ABS said it was part of IBM's contract to make sure the website could withstand attacks.

 "During 2016, the ABS had sought and received various assurances from IBM about operational preparedness and resilience to DDoS attacks," it stated.

Investigations subsequently identified IBM had failed to properly implement geo-blocking under a protection called 'Island Australia'.
"The ABS did not independently test the DDoS protections that IBM was contracted to put in place, as it considered that it had received reasonable assurances from IBM."
"At no time was the ABS offered or advised of additional DDoS protections that could be put into place," it said.

The Census debacle spawned its own hashtag #censusfail and subjected the institution to ridicule. At the time Prime Minister Malcolm Turnbull said heads would roll over the failure.

The ABS has used its submission to take aim at media coverage which was critical of the ABS wanting to keep people's information for four years instead of the usual 18 months, stating that "the community benefit of what the ABS was proposing to deliver from the 2016 Census was not able to get a reasonable representation".

In another submission,  the Prime Minister's Special Adviser on Cyber Security says those responsible for the denial of service attacks which forced the shut down of the Census website on Census night have not yet been identified.

Alastair MacGibbon has provided a short report to the Senate Inquiry.

The inquiry is due to report back on November 24. It's not yet been decided whether it will hold public hearings.


Share
3 min read
Published 23 September 2016 7:28pm
Updated 27 September 2016 5:24pm
By Daniela Ritorto


Share this with family and friends