In 2016 Australia's online census failed. Preparations for the 2021 edition have been rated 'partly effective'

Devs can make unauthorised changes, data integrity is a work in progress, security is not there yet ... and there's just nine months to go


In 2016 Australia's online census crashed and burned after legitimate attempts to complete the survey were mistaken for a DDoS attack, the routers funnelling traffic failed, and disaster recovery plans did likewise.

A probe into the fail revealed poor planning, little testing, and many red faces. The mess ultimately saw IBM pay AU$30m to the Australian government to compensate for costs incurred in making the census available. Big Blue was vindicated, to some degree, by the fact that Australian government agencies signed off on its security plans. The incident, which came to be known as #Censusfail, became a byword for Australia's government being bad at technology.

Little wonder, then, that the Australian Bureau of Statistics (ABS) decided to commission an independent audit of its preparedness for the 2021 census.

The first conclusion of the report [PDF] based on that audit is that planning to date has been "partly effective".

The report goes on to damn preparations with faint praise, finding that while "largely appropriate planning and governance arrangements" are in place, "the risk framework is compromised by weaknesses in the assurance arrangements."

On the IT front, the bureau's preparations are again rated "partly effective".

"Generally appropriate frameworks have been established covering the Census IT systems and data handling, and the procurement of IT suppliers. The ABS has not put in place arrangements to ensure that improvements to its architecture framework, change management processes and cyber security measures will be implemented ahead of the 2021 Census."

The report also found that "partly appropriate" security controls are in place and that the bureau's high-level security measures and controls are "sound". However, the agency's security strategy has not been fully implemented.

Nor has the bureau fully implemented its new IT framework, so Census tech is not compliant and is in any event built outside the agency's architecture standards. It also lacks controls for managing non-compliance. "The ABS has not established a process to mitigate the risk of unauthorised changes being implemented across systems supporting the Census."

Data handling is not in great shape either. The review rated current practices as "partly appropriate" and warned the ABS "has not fully implemented controls for managing the quality and protection of 2021 Census data and does not have in place appropriate arrangements to monitor control implementation."

The report therefore recommended an assessment of the risks created by non-compliance, plus the creation of controls for mitigating unauthorised and inappropriate system changes. Those controls will focus on developers that have access to migrate their own changes to Census-related systems. Regular review of progress on security was also recommended, as was a review process to make sure the review processes are working.

The ABS has agreed to all recommendations. It now has nine months to get them right: Census day is 21 August 2021. ®
