ABS Confident IT Infrastructure Can Handle 2021 Census Risks


By Staff Writer

The Australian Bureau of Statistics (ABS) is preparing for its biggest night of the year. On Tuesday evening, the 2021 Census takes place. The census provides demographic data for the Australian Government, helping it plan expenditure and allocate resources.

But with people encouraged to complete the census online, there are widespread concerns regarding possible cyberattacks and IT failures. During the last 2016 Census, distributed denial-of-service attacks and a hardware failure sent the ABS website offline for nearly two days.

IBM designed the system for the Australian Census 2016, taking a significant reputational and financial hit for the failure. This time around, IBM is out of the picture. Julian Doak, CIO at the ABS, has spent the last five years rebuilding the IT infrastructure in readiness for Tuesday night.

Professor Matthew Warren is the Director of RMIT’s University Centre for Cyber Security Research. He thinks the ABS will have to work hard to keep its systems up and running.

“A lot changes online in five years. Australia is facing new geopolitical issues and new cyber challenges, and this is the environment for the upcoming Census.

“Cyberattackers will look at weaknesses in the online Census system, with coordinated distributed denial of service attacks or cyberattacks being the prize.”

Doak says the ABS has been preparing with stress tests and ethical hacking. There has been continual load testing, distributed denial-of-service testing, penetration testing, and code reviews.

Also onboard at the ABS is cyber incident response group PagerDuty. In addition to workshopping possible scenarios and responses with the ABS, PagerDuty will be on hand throughout the census to ensure the ABS avoids a repeat of the 2016 Census night.

This year, global consultancy PwC has the $7 million contract to deliver the census digital services. Amazon Web Services is hosting the data within Australia. Once census data is submitted, it is immediately encrypted, and only the ABS has the decryption key.

“Cyberattackers will look at weaknesses in the online Census system, with coordinated distributed denial of service attacks or cyberattacks being the prize,” Professor Warren warns.

“The Australian Bureau of Statistics and the Australian Government knows what is coming and would have built security and resilience into the Census system to protect against potential attacks.”

The ABS is confident there will be no repeat of 2016. In a statement, an ABS spokesperson said;

“The Australian Bureau of Statistics has completely rebuilt the Census Digital Service, including cybersecurity protections informed by the Australian Cyber Security Centre and other experts.

“The Census Digital Service has been architected and designed to handle large loads and defence against large-scale sophisticated DDoS attacks. The Census Digital Service has undergone extensive security testing, including a number of rounds of very large DDoS tests.”

Professor Warren says the stakes on Tuesday are high. All the stress testing in the world cannot account for the unpredictable nature of cyberattacks and outages.

“Only time will tell what happens on Census night and if the 2021 Census will become another global headline.”