The online Census system was hosted by IBM under contract to the ABS and the DDoS attack should not have been able to disrupt the system. Despite extensive planning and preparation by the ABS for the 2016 Census this risk was not adequately addressed by IBM and the ABS will be more comprehensive in its management of risk in the future. However, once the system had been affected, the ABS took the precaution of closing the online Census form to safeguard and to protect data already submitted, protect the system from further incidents, and minimise disruption on the Australian public by ensuring reliable service." (From Page 4).
- "On the night of 9 August 2016 (Census night) the online Census, hosted by IBM, was subject to a Distributed Denial of Service (DDoS) attack that was not unusual and was anticipated, which affected the Census application system. This was not due to load from legitimate Census submissions, which at the time of the attack were running in line with ABS projections and well within the design load for the system. Around the same time, an unusual spike in outbound traffic was observed in the monitoring systems. These two events led to the closure of the online Census submission to the Australian public until the afternoon of 11 August 2016. While this caused inconvenience, protecting the information of Australians was the ABS’s highest priority and Census information was never compromised.
"The online Census DDoS attack of 9 August 2016 was against an IBM system not an ABS one. See Section 9 for further details." (From Page 7)
Monday, September 26, 2016
ABS Tries to Blame IBM for 2016 Census Problems
In its 123 page submission to the 2016 Census Senate Inquiry, the Australian Bureau of Statistics (ABS) seeks to blame IBM for the failure of the system on Census night. Similarly, in the case of "Maguire v Sydney Organising Committee for the Olympic Games (2000)", SOCOG sought to deflect responsibility for defects in its web site to the contractor, IBM. However, this was rejected and SOCOG, not the contractor, was found responsible. In that case SOCOG was a temporary organization set up just to run the Sydney Olympics, with limited experience. In contrast, the ABS has decades of experience in statistical collection using IT systems and cannot credibly transfer responsibility to IBM. I teach IT Ethics to university students and the 2016 Census will become a useful case study on professional responsibility.
No comments:
Post a Comment