IBM blames Vocus, NextGen for Census fail

By on
IBM blames Vocus, NextGen for Census fail

IBM has blamed subcontractor Nextgen for the Census fail debacle, as the blame game continues to wear on.

The services provider has taken heat from Prime Minister Malcolm Turnbull and the Australian Bureau of Statistics for failing to prevent a distributed-denial-of-service attack which led to Australia's first online Census being taken offline on 9 August. The ABS said the website was taken down to prevent user data being compromised.

In a senate submission yesterday, IBM said it had plans in place to prevent a DDoS attack, and pointed the finger at partner NextGen and its upstream supplier Vocus for failing to prevent the attack.

IBM said it had assurances from NextGen that its geoblocking strategy, dubbed 'Island Australia' had been put in place, but a Singapore link operated by Vocus had not been closed off, allowing traffic to flood the Census website.

"Vocus admitted the error in a teleconference with IBM, NextGen and Telstra around 11.00pm on 9 August 2016," IBM said.

"Had NextGen (and through it Vocus) properly implemented Island Australia, it would have been effective to prevent this DDoS attack and the effects it had on the eCensus site. As a result, the eCensus site would not have become unavailable to the public during the peak period on 9 August 2016."

IBM did, however, admit that its staff had wrongly assumed user data was compromised, leading to the website being shut down.

Vocus hit back at IBM in its own submission, saying NextGen offered to install its own DDoS protection product that would have prevented the attacks. NextGen said it had "strongly recommended" installing its own solution, but IBM declined.

Vocus said IBM had not disclosed its own DDoS mitigation strategy until after the fourth attack.

"As a result, any assumption that Vocus was required to, or had implemented Island Australia or geoblocking including, without limitation… are inaccurate," Vocus said.

"Once Vocus was made aware of the fourth DDoS attack, it implemented a static null route to block additional DDoS traffic at its international border routers within 15 minutes."

During senate estimates last night, ABS chief statistician David Kalisch said the cost of the debacle had ballooned to $30 million in remedial costs.

"The ABS made a number of poor judgments in our preparation for the 2016 Census that led to the poor service experienced by many households," he said.

"I apologised to the community on behalf of the ABS, and I repeat that apology sincerely again today."

He added that a digital approach to the Census was still correct, and that the incident would be used as a learning experience for the 2021 Census.

Copyright © CRN Australia. All rights reserved.

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register


Does the government do enough to procure from local IT providers?
View poll archive

Log In

Username / Email:
  |  Forgot your password?