The barbs are flying thick and fast over Tuesday night’s Census debacle, which saw millions of Australians fail to complete the survey online amid heavy user traffic and accusations of hacking.
The New Daily is running a front-page spread featuring online security expert, Mike Johnston, who claims the ABS was unprepared for the most “simple” and “obvious” cyber attack. Johnston suggests that the website’s crash may have been caused by a combination of a Denial of Service (DoS) attack and the site’s inability to cope with the number of people trying to access it at the same time; although Johnston believes that the latter is the more likely explanation.
James Turner – a cyber security advisor with IBRS, and the founder and facilitator of CISO Lens, a forum for the Chief Information Security Officers (CISOs) of Australian private sector organisations – is even more critical today in The AFR. Turner claims the ABS and politicians ignored repeated warnings from security experts and failed to plan adequately for expected peak loads (i.e. poor capacity planning):
…you’ve got allegedly 15 million people all trying to access the site within a three to four hour window. Let’s call it a five hour window, and even drop it to 10 million people. That’s still 2 million people per hour. And that is double the 1 million people per hour that the ABS said the site was built to service. Planning for this level of demand is not rocket science, but it does seem that the census website was simply not designed to support a realistic level of demand.
Given the importance of the census, is is extremely likely that if the ABS had gone to any of Australia’s leading organisations and asked for advice, they would have got it in spades. The banks face DDoS attacks all the time, and know how to shrug these off.
Other tech sector experts have blasted IBM and the ABS over the Census failure and demanded compensation, according to The AFR. PoweredLocal CEO Michael Jankie said the companies responsible for the Census failure should be punished. Digital Rights Watch board member Amy Gray suggested an independent investigation into the distributed denial of service attack against the Census website.
Meanwhile, The AFR’s Laura Tingle has pinned the blame for the stuff-up squarely on the shoulders of the Turnbull Government:
While the story of the census is seen in the political narrative as just another stuff up by the Turnbull government, it is more importantly a perfect storm of issues surrounding the erosion of credibility of all of our institutions, and how the chains of oversight and accountability work in them.
For the government, it is another shredding of its authority and credibility…
The government was certainly flat footed in dealing with the growing warning bells and community alarm in recent weeks that something could go wrong.
But the more alarming issue is whether anyone was actually in charge in the first place.
Fairfax’s Peter Martin has made similar claims:
With no leader, treasurer Joe Hockey and prime minister Tony Abbott had left the position at the top [of the ABS] unfilled for the best part of a year, the ABS developed grander plans…
It wanted to abandon the 2016 census altogether, moving from five-yearly to 10-yearly, to save $200 million…
Instead it gave most of Australia only one way to submit census forms, emphasised the importance of the survey it had previously tried to ditch, threatened fines of $180 per day for people who didn’t comply, and underestimated either the strain on the system or the security of the system.
At almost every step of the way the government has been hands off. The latest minister (Michael McCormack has been in charge of the ABS for less than two weeks) gives the impression the decision to retain names didn’t even go to cabinet…
The government has looked the other way.
Whereas Labor leader, Bill Shorten, has labeled it “the worst run Census in Australian history”.
Finally, the Government is in full arse covering mode, with the Prime Minister’s cyber security adviser, Alastair MacGibbon, claiming concerns about privacy made the Census a target. From The AFR:
“It was a matter of large public discussion and as a consequence it clearly was a site of interest to malicious people,” Mr MacGibbon told Sky News on Wednesday.
Expect the recriminations and arse covering to continue over coming weeks.
