Prime Minister, Malcolm Turnbull, has once again taken IBM to task over its role in the failure of the government’s Census website to withstand a series of distributed denial of service (DDoS) attacks in August.
“It’s quite clear that this was a failure by IBM to deliver on their contractual commitments,” Turnbull told Melbourne’s 3AW Radio.
“That is clear; they had a contractual obligation to proof the ABS website, which they were managing, from this type of denial-of-service attack, and what occurred was not a massive attack or an unprecedented attack. It was highly expected,” he said.
Turnbull’s renewed attack on IBM over the 2016 Census debacle, which saw the site shut down for 40 hours following four DDoS attacks on Census night in early August, follows earlier comments that “heads will roll” at IBM over the incident.
However, in a public hearing into the 2016 Census on 25 October, IBM managing director for Australia and New Zealand, Kerry Purcell, revealed that the tech company had not undertaken any disciplinary actions against staff over the incident.
“I don’t want to forecast personnel changes, but obviously there are consequences for this,” Turnbull told 3AW. “In this case, it is clear – and I’m not passing the buck, it is fact, it’s been thoroughly investigated – that the fault was on the part of IBM, which was contracted to manage and operate the website.
“They had an obligation to protect it against denial-of-service attacks, and the measures that they’d agreed to put into place, they hadn’t, and they didn’t work, and that’s why you had the problems that occurred.
“And there were a number of other failures, but, fundamentally, that’s the reason for the problem,” he said.
Turnbull’s comments come after the special advisor to the Prime Minister on cyber security, Department of Prime Minister and Cabinet, Alastair MacGibbon, called out both the ABS and IBM over the outage.
“In many respects, while I will say to you that this was a failure to deliver on the contractual obligations that IBM had, there was a failure on the part of ABS to sufficiently check that the contract had been delivered,” MacGibbon told the Parliamentary committee investigating the 2016 Census.
“That could have been achieved through more assessments of the work done for them by IBM and their subcontractors,” he said.
Meanwhile, Turnbull reiterated that the ABS is currently searching for any accountability on its side as part of an ongoing internal investigation.
Turnbull’s latest comments on the Census outage come amid an ongoing blame game that has seen IBM claim that one of its two internet service providers on the Census project, Nextgen, and it’s upstream partner, Vocus, did not properly implement its ‘Island Australia’ geo-blocking DDoS attack prevention measures.
This is an accusation Nextgen and Vocus have both rejected.
Big Blue was contracted by the Australian Bureau of Statistics (ABS) to develop and manage the 2016 Census online portal in a 9.7 million deal.
For its part, the tech giant has questioned some of its internal processes following the incident, with IBM engineer, Michael Shallcross, suggesting that the company’s efforts to instruct Nextgen and Vocus in the implementation of its geo-blocking DDoS prevention had failed.
“It’s apparent from the submissions brought by Nextgen and Vocus that perhaps the internal communications had not conveyed adequately the intent and instructions of and surrounding the implementation of Island Australia,” Shallcross told the senate committee investigating the project.