Australia's #CensusFail blamed on IBM's 'inadequate' planning

The nation's prime minister pins Tuesday night's census website disaster on IBM's failure to plan for a "completely predictable" DDoS attack.

Luke Lancaster Associate Editor / Australia
Luke Lancaster is an Associate Editor with CNET, based out of Australia. He spends his time with games (both board and video) and comics (both reading and writing).
Luke Lancaster
3 min read

Prime Minister Malcolm Turnbull says "heads should roll."


Australian Prime Minister Malcolm Turnbull is taking IBM to task for the widespread website outage that crippled the country's first attempt at an online census.

The Australian Bureau of Statistics (ABS) attributed the problem on Tuesday night to distributed denial-of-service (DDoS) attacks, but Turnbull sees a bigger picture.

The attacks that brought down the census website were "completely predictable" and "should have been repelled readily. They weren't because of failures in the system that has been put in place for ABS by IBM," he said in a radio interview on 2GB on Thursday.

The US-based tech company was awarded a AU$9.6 million dollar contract in 2014 to develop and support the online platform for the 2016 Census, rather than the bureau handling the task in-house.

The controversial 2016 Census, the country's first to go online, was already on the wrong side of public opinion. But the alleged DDoS attacks that rendered the site inaccessible on Tuesday night -- when Australians were required to go online to complete their forms -- compounded frustrations with what was already dubbed #CensusFail.

Australia's problems could be a taste of what governments worldwide will face as they shift more tasks online. It also reinforces average citizens' concerns about the security of their personal data.

Enlarge Image

IBM Security Solution Architect Philip Nye tweeted (now deleted) a hack of census data was "inevitable".

Screenshot/Asher Wolf

DDoS attacks are designed to overload a server with massive amounts of irrelevant traffic, making it inaccessible to the intended users. In the case of the census website, it meant Australians were unable to load the website and submit their forms as required.

Turnbull pointed to the DDoS attacks, hardware failures and "inadequate redundancies" being responsible for the decision to take the census website offline, but was clear that the blame rests on IBM.

"This has been a failure on the part of the ABS," he said. "It appears that the root cause of this was that measures that ought to have been in place to prevent DDoS were not put in place...No doubt that there were serious failures in preparation."

At the start of August, IBM Security Solution Architect Philip Nye tweeted (now deleted) that a hack of census data was "inevitable".

Given this year's inclusion of name and address on census forms, privacy concerns have been at an all-time high. Turnbull has stressed that the DDoS attacks were not a hack and that a DDoS attack would not normally result in unauthorised data access. The ABS also reassured the people who managed to submit a census response that their data was still secure.

Alistair MacGibbon, cybersecurity adviser for Australia, will lead an inquiry into whether IBM did enough to protect the AU$470m census.

"There are clearly very big issues, very big issues for IBM, the systems provider for the census, and for the Australian Bureau of Statistics itself," said Turnbull. "There are lots of people out there trying to find out who is to blame and which heads should roll."

Questions still remain regarding how the bureau verified the integrity of the outsourced census platform and whether the census site will be better equipped to handle attacks when it is again online.

Neither IBM nor the prime minister's office responded to request for comment.