In 2016 Australia's online census failed. Preparations for the 2021 edition have been rated 'partly effective'

Devs can make unauthorised changes, data integrity is a work in progress, security is not there yet ... and there's just nine months to go


In 2016 Australia's online census crashed and burned after legitimate attempts to complete the survey were mistaken for a DDoS attack, the routers funnelling traffic failed, and disaster recovery plans did likewise.

A probe into the fail revealed poor planning, little testing, and many red faces. The mess ultimately saw IBM pay AU$30m to the Australian government to compensate for costs incurred in making the census available. Big Blue was vindicated, to some degree, by the fact that Australian government agencies signed off on its security plans. The incident, which came to be known as #Censusfail, became a byword for Australia's government being bad at technology.

Little wonder, then, that the Australian Bureau of Statistics (ABS) decided to commission an independent audit of its preparedness for the 2021 census.

The first conclusion of the report [PDF] based on that audit is that planning to date has been "partly effective".

The report goes on to damn preparations with faint praise, finding that while "largely appropriate planning and governance arrangements" are in place, "the risk framework is compromised by weaknesses in the assurance arrangements."

On the IT front, the bureau's preparations are again rated "partly effective".

"Generally appropriate frameworks have been established covering the Census IT systems and data handling, and the procurement of IT suppliers. The ABS has not put in place arrangements to ensure that improvements to its architecture framework, change management processes and cyber security measures will be implemented ahead of the 2021 Census."

Nerd fail photo via Shutterstock

Australia's IBM-assisted Census fail burned AU$30 MEEELLION

READ MORE

The report also found that "partly appropriate" security controls are in place and that the bureau's high-level security measures and controls are "sound". However, the agency's security strategy has not been fully implemented.

Nor has the bureau fully implemented its new IT framework, so Census tech is not compliant and is in any event built outside the agency's architecture standards. It also lacks controls for managing non-compliance. "The ABS has not established a process to mitigate the risk of unauthorised changes being implemented across systems supporting the Census."

Data handling is not in great shape either. The review rated current practices as "partly appropriate" and warned the ABS "has not fully implemented controls for managing the quality and protection of 2021 Census data and does not have in place appropriate arrangements to monitor control implementation."

The report therefore recommended an assessment of the risks created by non-compliance, plus the creation of controls for mitigating unauthorised and inappropriate system changes. Those controls will focus on developers that have access to migrate their own changes to Census-related systems. Regular review of progress on security was also recommended, as was a review process to make sure the review processes are working.

The ABS has agreed to all recommendations. It now has nine months to get them right: Census day is 21 August 2021. ®


Keep Reading

Australia facepalms as Facebook blocks bookstores, sport, health services instead of just news

Reg writer on the spot reports that life without news links on The Social Network™ is just fine

Sunday: Australia is shocked UK would consider tracking mobile data to beat pandemic. Monday: Australia to deploy drone intimidation squads

Updated Bloody poms are full of great ideas

Australia wants Google to jump higher and sweat before it can buy Fitbit

Ad giant’s promise to play nice with other exercise gadgets accepted in Brussels, deferred down under

Facebook and Australia do a deal: The Social Network™ will restore news down under and even start paying for it

ANALYSIS Relationship status changes from ‘Separated’ to somewhere between 'In a Domestic Partnership’ and 'It's Complicated'

Australia mostly sticks to its guns in final plan to make Google and Facebook pay news publishers

YouTube and Instagram exempted, Bill kicked into committee for a while

Mark Zuckerberg and Sundar Pichai get back on the phone with Australia for more pay-for-news talks

Compulsory arbitration code clears committee without amendments, but cracks show as one major local signs big Google deal

Australia to track coronavirus encounters with payment card records

Plan calls to link government data across jurisdictions, even sharing airline records to track outbreaks and people who may be at risk of infection

Epic Games brings its Fortnite fight with Apple to Australia

+Comment Why Australia? Because it’s currently running an inquiry into app store monopolies, that's why

Biting the hand that feeds IT © 1998–2021