Australian Census bosses unprepared for cyber attacks, emails reveal

Head of the 2016 Census, Duncan Young, received little correspondence about Distributed Denial of Service attacks ahead of the census.
CENSUS bosses had little concern about the type of cyber attacks that shut down the census website for nearly two days, new documents reveal.
Emails released under a Freedom of Information request show there was minimal concern about Distributed Denial of Service attacks by census manager Duncan Young in the three months leading up to the 2016 census.
The ABC reports Mr Young received correspondence over the period containing just nine sentences about DDoS attacks, which overload a website by simulating a rush of users trying to access it at the same time.
“At high level, our architecture resists DDoS attacks via use of multiple layers of security,” an email sent in April said.
“In general terms, our experience is that most external DDoS attacks are stopped at the border firewall or, increasingly, in front of it, as cloud services are more widely utilised.”
Australian Statistician David Kalisch received no correspondence about Distributed Denial of Service attacks ahead of the 2016 census. Picture: Kym Smith
Australian Statistician David Kalisch received no correspondence about Distributed Denial of Service attacks ahead of the 2016 census.

The Australian Bureau of Statistics told the ABC it had canvassed a wide range of documents, including those sent to Australian Bureau of Statistics boss David Kalisch, but found no other correspondence about DDoS attacks.
Labor MP Andrew Leigh, whose ACT electorate covers the ABS’ headquarters, has blamed the Turnbull Government for the Census website outage.
Mr Leigh told the ABC the Government should have asked the ABS if it was prepared for DDoS attacks.
MORE: Census had ‘significant and obvious oversights,’ report finds
MORE: The ugly truth about the Census
MORE: IBM, ABS face senate inquiry over Census fail
“The census is the biggest peacetime logistical operation in Australia,” he said.
“And yet the Turnbull Government weren’t prepared for the inevitable denial of service attacks that ended up shutting it down.”
A senate committee inquiry last year found the census was a failed online project with inadequate protection against even a “minor attack”.
Prime Minister Malcolm Turnbull has said the ‘garden variety’ cyber attack on the census was utterly predictable. Picture: AAP
Prime Minister Malcolm Turnbull has said the ‘garden variety’ cyber attack on the census was utterly predictable.
The report also found contractor IBM had failed to adquetly test the technology.
After the report was released, Prime Minister Malcolm Turnbull said the census fail was “utterly predictable” but levelled the blame at IBM.
The contractor paid a “very substantial” but undisclosed multi-million dollar settlement over the incident.
“This was not a particularly clever attack or some great international assault on the Census,” Mr Turnbull said at the time.
IBM chief engineer claims router needed a "hard reset" to avoid Census issues
Michael Shallcross, the chief engineer at IBM said that hard test and reset of one of the two routers dedicated for Census night would have avoided the issues that caused the site to shut down
    “This was a series of common or garden, utterly predictable, utterly foreseeable denial of service attacks,” he said.
    “It’s not hacking, it’s really just bombarding a website with a lot of hits so the server is clogged up.
    “It’s completely predictable.”
    Small Business Minister Michael McCormack told the ABC the government had accepted all of the recommendations of the census review.
    Mr McCormack said there had been positives in the 2016 census’ online component.
    “More than 96 per cent of Australian households completed their census, which is on par with the 2011 census,” Mr McCormack said.
    “A record 58 per cent of Australians completed their census online.”
    Source