Senior IBM Australia executives have faced a senate inquiry committee over the events that led to the online Census failure on 9 August.
IBM confirmed that the eCensus website fell victim to four separate distributed-denial-of-service attacks on Census night, leading to the site being taken down to avoid data being compromised.
Last week, the committee accepted statements from IBM and its ISP partners Nextgen and Vocus, both of which put the blame on each other for failing to implement an effective DDoS protection system.
Vocus said IBM had declined to use Nextgen's own DDoS protection product, which Nextgen claims would have prevented the attacks. IBM executive Michael Shallcross said it considered Nextgen's proposal, but took the position that its own geo-blocking solution, Island Australia, was the best choice for the Census.
IBM repeated its past claim that the problem came down to Nextgen failing to implement the DDoS protection solution after the second attack, leading to its link becoming overloaded.
Vocus said in its submission that IBM didn’t disclose its DDoS strategy until after the fourth attack.
"As a result, any assumption that Vocus was required to, or had implemented Island Australia or geoblocking including, without limitation… are inaccurate," Vocus said.
"Once Vocus was made aware of the fourth DDoS attack, it implemented a static null route to block additional DDoS traffic at its international border routers within 15 minutes."
The committee also questioned why the Census was using a 512mbps link, when a typical DDoS attack can generate up to 1gps of traffic. Shallcross said the issue came down to the attack's qualitive nature, which led to a particular resource being exhausted, and that open sessions were attacked rather than raw bandwidth.
During the inquiry, IBM Australia managing director Kerry Purcell revealed that he was in talks with treasury secretary John Fraser to reimburse the Commonwealth for the failure. When pressed on how much was on offer, Purcell said negotiations were ongoing, and that he wasn't at liberty to reveal the exact amount.
Last week, ABS chief statistician David Kalisch revealed the debacle had ballooned to an additional $30 million in remedial costs. IBM confirmed it was paid $9.7 million as the lead contractor to host the eCensus for 2016.
Purcell also said that no IBM staff had been dismissed or disciplined over the issue.
The inquiry continues this afternoon.