The government has “completely rebuilt” its online Census system after an infamous cyber attack almost derailed the 2016 count, with the Bureau of Statistics promising Tuesday will run much smoother.
National security agencies and cyber experts have been drafted in to help defend against malicious attacks, as the government looks to avoid a repeat of what was unkindly referred to as #CensusFail.
“Keeping people’s information safe, secure, and protected from cyber attacks is of the utmost importance for the ABS,” a spokesperson told The New Daily.
With lockdowns across three states, and more than half the nation’s population under stay-home orders, you could be forgiven for having missed the upcoming Census.
But on Tuesday night, every Australian household is required to complete their Census form, telling the federal government who lives in their house, and what they do.
It’s a crucial service for the government to “make important decisions” and “help plan local services”, according to the Australian Bureau of Statistics.
“The Census, held on Tuesday, 10 August, 2021, is a snapshot of who we are and tells the story of how we are changing,” the ABS said.
The five-yearly population count will be a key indicator of how Australians’ habits and behaviour are changing through the COVID pandemic.
But the government is sweating on Tuesday not being a rerun of 2016, when a cyber attack led to a calamitous tech failure in which the online forms were taken out and created huge delays to the system.
“In 2016, the online form experienced a significant outage on Census night. The online Census form was targeted by a series of distributed denial of service (DDoS) attacks,” an ABS spokesperson told TND.
“Compounding the problem, an attempt to restore the system during the fourth DDoS attack led to the failure of one of our supplier’s routers.”
That means a cyber attack attempted to flood the systems of the Census, making it difficult for users to log on.
In 2016, following three earlier DDoS attacks during the day and then a fourth at night, the ABS said it “took the precaution of closing down the system to ensure the integrity of the data”.
The website was down for two days.
IBM, which provided the infrastructure for the Census, defined the DDoS attack as “a malicious attempt to make a system unavailable to its intended audience by overloading servers with requests to render it unavailable or causing it to shut down”.
A scathing Senate report into the 2016 Census claimed the attack was “of such a small size that it should have easily been handled effectively”, and that the threat of a DDoS attack “was not adequately protected against”.
Malcolm Turnbull, PM at the time, described it as a “humiliating debacle” in his 2020 memoir A Bigger Picture.
The ABS stressed that, even after the 2016 incident, there had been “no unauthorised access to, or extraction of, any personal information”.
However, it has enacted far stronger protections for this year’s Census.
“The Australian Bureau of Statistics has completely rebuilt the Census Digital Service, including cyber security protections informed by the Australian Cyber Security Centre and other experts,” the spokesperson said.
They said the ABS had also been working on other robust technical responses including:
- Undertaking rigorous testing, such as ethical hacks of our IT systems
- 24/7 Security Operations Centre to monitor Census systems and provide alerts on potential security issues
- Conducting independent security risk assessments through “endorsed third party assessors”.
“Since the DDoS incident which affected the 2016 Census, the ABS has implemented DDoS protections and conducted regular DDoS testing to verify its protections,” the Bureau said.
“The Census Digital Service has been architected and designed to handle large loads and defend against large-scale sophisticated DDoS attacks. The Census Digital Service has undergone extensive security testing including a number of rounds of very large DDoS tests.”
The ABS said that “key government security agencies” had been enlisted to beef up the Census systems, including the Australian Signals Directorate “to prevent targeted cyber attacks”.
All Census data will be “securely hosted in Australia and encrypted end to end”, with information only available to approved ABS staff.
Even after the issues in 2016, the ABS said it expected some 75 per cent of forms to be completed online, up from 63 per cent at the last count.
People can fill in their Census early, if they know where they will be on Tuesday night.
More than one million forms have already been submitted.
“The 2021 Census systems have been subject to independent review and we are working closely with key government security agencies to do everything possible to ensure the online form is safe, secure and easy to complete for the Australian community,” the ABS said.
For more information, see the ABS Census website.