Computer giant IBM has conceded the issues surrounding the census website outage could have been avoided if it had turned one of its routers off and on again beforehand.
IBM’s admission came as it provided evidence to a Senate committee inquiry looking at the botched handling of August’s census, in which millions of Australians were unable to lodge their census forms online for 40 hours.
IBM senior engineer Michael Shallcross told senators one of two routers experienced difficulties when it was rebooted on August 9, the night of the census.
The router was rebooted after experiencing a Distributed Denial of Service (DDoS) cyber attack from overseas, but then mistakenly gave out information suggesting that census data was being compromised.
Mr Shallcross said while engineers simulated the impact of the router being turned off in the lead-up to August 9, they did not manually power the machine down.
“We tested the router failure by simulating it, which is relatively easy to do and repeatable,” Mr Shallcross said.
“If we had our time again, we would probably test a hard power-it-off, power-it-on with that router.”
“That would have discovered earlier that we had that reboot and configuration loading problem.”
Liberal senator Jane Hume later questioned whether IBM should have done more to test the router.
“That’s the sort of level of technical competence I have with my computer,” Senator Hume told the committee.
Chief Statistician David Kalisch from the Australian Bureau of Statistics said he was assured by IBM the system was “robust and was ready to go.”
He said there wasn’t a clear explanation from IBM on August 9 about the problems being experienced.
ABS, IBM and the Australian Signals Directorate are adamant that no personal information was compromised.
IBM concedes no one fired or disciplined over Census
Managing director of IBM Australia Kerry Purcell “unreservedly apologised” for the bungled handling of the census website but admitted no-one had been disciplined or sacked over the incident.
Mr Purcell said negotiations were currently underway with Treasury boss John Fraser about compensation costs, but would not provide an estimate of the final figure.
The ABS told Senate estimates last week the outage was set to add an extra $30 million to the cost of the census.
IT experts have questioned whether IBM and ABS had adequate measures in place to protect the website, given the DDoS attack was relatively small compared to similar attacks.
Mr Purcell said he believed geoblocking — which prevents computers with foreign IP addresses from connecting with Australian servers — was the best way to protect the website.
IBM described its geoblocking program for the census as ‘Island Australia’.
But the tactic was questioned by Alastair MacGibbon, the Special Adviser to the Prime Minister on Cyber Security, who told the inquiry it was not the best technique available to prevent DDoS attacks.
“There certainly were better alternatives, yes.”
He said there were technical problems with geo-blocking because some Australians with Australian-based ISPs were also routed in from overseas.
“There was a fundamental failure in the logic of ‘Island Australia’ … To rely solely on it clearly was a failure.”
IBM criticised NextGen, one of two internet service providers tasked with controlling web traffic, claiming it failed to prevent a foreign DDoS attack being routed through Singapore.
In a submission to the Senate inquiry, NextGen defended its conduct, saying IBM rejected an offer for alternative DDoS protection service.
IBM in reply said it believed NextGen’s alternative was unsuitable.
ABS promises lessons learned for 2021 census
ABS chief David Kalisch apologised for the inconvenience caused by the outage and promised the next census in five years’ time will be better managed.
He announced an independent panel had been created to assess the quality of the 2016 census
Mr Kalisch promised the 2021 census would adopt a “more rigorous approach” following the lessons learned from this year’s census.
He also defended the decision to launch a limited tender for the census contract, which eventually went to IBM.
The ABS said 96 per cent of Australian households took part in this year’s census, comparable with previous surveys.
Mr MacGibbon said an internal review into the conduct of the census had been completed and provided to the Prime Minister.