IBM pays up after 'clearly failing' DDoS protection for Australia's #censusfail

Australia's census all-but failed due to a combination of poor design, bad operational decisions, human error and numerous lazy and/or bad decisions that could have been avoided had warnings about corporate culture been heeded, or Australian government agencies properly educated about what it takes to deliver digital services …

  1. dan1980

    MacGibbon also mentions the Australian Public Service Commission (APSC) Capability Review of 2013 that found the ABS to be “insular, inward looking, reactive” and recommended an overhaul of its culture. That overhaul largely hasn't happened, leaving the ABS “an exemplar of established government practice: ticking the boxes, but not appreciating the challenges change presents.”

    This, to me, is the main problem.

    Yes, IBM have failed, as they have before with government contracts but those failures, like this one, were made far more likely by the lack of understanding, responsibility and basic diligence of the associated agencies.

    What angers me - and anger is the correct word - is how defensive the ABS were throughout. They seemed utterly unwilling to even entertain the possibility that they weren't infallible and that maybe, just maybe, some of the scores of highly intelligent, experienced critics might have had a point.

    But no, it was all: we know what we're doing, we're right about it and anyone who says otherwise doesn't understand the facts.

    1. Ole Juul

      Could this ever change?

      "we know what we're doing, we're right about it and anyone who says otherwise doesn't understand the facts."

      In other words, corporate culture.

    2. Anonymous Coward

      Good point, it's the same attitude they had to the data retention changes. Condescension is a poor substitute for competence.

      1. dan1980


        Exactly. It's arrogance and, once you see that, you realise that the failure of the online census and the decision to retain personally-identifiable information were both the result of this - they weren't isolated issues.

        In both cases, they made their decisions by themselves and neither sought nor accepted input from those outside the process. In the case of the retention of identifiable information every action (and inaction) points to them deliberately trying to avoid anyone from providing input.

        So let's add it up:

        • They investigate retaining private information despite every previous report rejecting it
        • They commission a report, which, again, says not to
        • They ignore it and decide to push ahead anyway
        • They make no big announcements and do not involve Parliament
        • Once people find out, there is a large swell of concern, with many academics and experts in IT, Law, Privacy and even Statistics voicing deep reservations and outright condemnations
        • The ABS ignores them
        • The criticisms kept coming, with several of the people's democratically-elected representatives requesting reviews and even announcing boycotts
        • The ABS again largely ignores this and simply asserts that there is nothing to worry about, refusing to reconsider or even engage in any dialogue

        What does that say about the organisation? The short version is that they wanted to do something and ignored anyone and everyone who questioned them, be they citizens, experts or even politicians.

        With that as their stance when it comes to endangering the privacy of millions of Australians, it would have been more surprising had it gone smoothly.

        1. Cpt Blue Bear

          "It's arrogance"

          No, it's fear.

          I've been involved in writing a few postmortem disaster reports (on a much smaller scale and fuck load less public, mind) and this looks like a classic case where the underlying problem is fear. The people making the decisions are terrified because they know they can't do the job. They make bad decisions because they want to believe someone else will dig them out of their hole. They bluster and repeat the official line when questioned while knowing full well it is BS because that's all they can do. They hide the truth, dissemble and lie outright. And they panic.

          Every one of your bullet points can be explained by an underlying culture of fear.

  2. Phil Kingston

    So a complete titsup and everyone's still in their jobs and we'll never know what recompense IBM had to make?

    It's not the culture leading up to the failure that's the issue - it's the fact it's clearly still in place.

    1. Oengus

      Australian Government

      So a complete titsup and everyone's still in their jobs and we'll never know what recompense IBM had to make?

      Title says it all... No more or less is expected from our incompetent, ineffective politicians and bureaucrats.

  3. Disgruntled of TW

    Bootnote tells all ...

    The Bootnote says enough. The culture won't change without consequences, and there have been none.

  4. Adam 1

    it's actually quite simple

    1. IBM don't want to get excluded from circa $500,000,000 pa in contracts. $30,000,000 (and it's less) is a pretty good investment on those numbers.

    2. The government can't afford the focus to fixate on their failure to appoint someone to that position for the better part of a year and to accidentally forget it in a reshuffle, and then replacing the minister in charge mere weeks before. They can't even stop their coalition partners from freelancing, they need this off the front page.

    3. The ABS needs this to disappear too. They have screwed up numerous indexes over the past few years because of poorly planned methodology changes. Their hubris on privacy was exposed for what it is. Everyone I spoke to on it scratched their heads about how the maximum anticipated load could be so low. It defied common sense. Everyone I have spoken to who I would describe as technically literate was puzzled by the suggestion that DDoS can be prevented with geo blocking (even if done well). Let alone the inevitable truth stretching that happens when people are forced to identify themselves. The data will be forever tainted by larger than typical "typos". But hey, at least linkage keys, right?

    So this settlement is a win win win for IBM, the government and the ABS. Just a shame for the rest of us who hoped that it might be useful for policy development.

  5. Mellipop

    Were datapower network boxes being used?

    Just asking.

    1. Anonymous Coward

      Re: Were datapower network boxes being used?

      If you know how to properly program the DataPower boxes they were incredibly useful and very powerful. However most people who had them didn't understand them, didn't get appropriate training, didn't spend 6-12 months getting the experience in using them. These were not plug and play. Not even plug and pray.

      It didn't help that IBM brought the company in, didn't understand what they had and struggled to keep the docs and training up to date.

      Posting anonymously as I have previous on these boxes :)

  6. Anonymous Coward

    Everyone keeps their job, the game is the problem

    People respond to incentives. Governments tell us this all the time which is why they tax our sins, or rather those actions they have determined are sinful. Governments believe in incentives when it comes to the people.

    When governments do not believe in the power of incentives when it comes to their sins, do not believe they should face the same negative consequences others have to for similar sins, it is no longer a government by or for the people. The fig leaf of democracy elections give is being used to hide behind, defend, the fact that the game and most of its players are unaccountable.

    The larger problem is the game itself. We are allowed to change some of the players, choose new leaders from a list drawn up for us, but changing the players isn't changing the game.

  7. AlexG_UK

    Have you power cycled it yet?

    "IBM had never tested what would happen if it turned it (the router) on and off again"

    Now .. I'm not a networking expert, but I rather think if they turned the router on it MIGHT work, but once they turned it off again, well, it certainly wouldn't work.

  8. Myvekk

    "Nobody ever got fired for buying IBM."

    Still true today...

  9. Diogenes

    Aussie Post fails as well ?

    I filled mine out and it's still sitting in my bottom drawer. Had a single follow up visit from a census collector a week after the date, told her I had mailed it. From experience (they were chasing some stats when I ran my own business) I would have expected 5 follow up calls by now so Aussie Post must have mislaid many many forms as well.

  10. Richard Pennington 1

    I was involved in the 2011 UK census

    I was involved in the 2011 UK census, which also had (in the UK, for the first time) a facility for the public to complete the forms online.

    I do not intend to detail our solution, save that one of our assumptions was that everyone and his/her dog (all over the UK) would attempt to use the system as soon as it went live - thus creating a usage profile *from legitimate users* which closely resembles a DDoS. We therefore had a very heavyweight Internet-facing gateway which filtered out the Internet's usual cybercrud, and which had behind it a traffic management system which, if threatened by overload, would show a "graceful delay" screen along the lines of "Sorry, we're busy right now - please try later".

    We also had a plan (to be performed in the event of loss of functionality in our control centre) to move operations to a secondary centre in another part of the country. One of our test exercises, before the system went live, was to perform exactly this transfer of operations.

    Sadly, after the 2011 UK census went live, the team was scattered. However, those planning similar exercises in future might do well to recruit the *individual* members of that team. We've been there and done that - and our system worked.
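An added sketch of the "graceful delay" traffic management described in the comment above. It is not the 2011 UK census code, which the commenter does not detail; the `AdmissionGate` name, the session limit and the timeouts are assumptions chosen for illustration. It sheds load by capacity per session, so a legitimate go-live surge and a flood are handled the same way and users already part-way through a form are never dropped.

```python
import time

BUSY_PAGE = "Sorry, we're busy right now - please try later"

class AdmissionGate:
    """Session-level load shedding placed in front of the application tier."""

    def __init__(self, max_sessions, idle_timeout, retry_after, clock=time.monotonic):
        self.max_sessions = max_sessions    # what the backend was load-tested for
        self.idle_timeout = idle_timeout    # seconds before a silent session frees its slot
        self.retry_after = retry_after      # seconds advertised to delayed clients
        self.clock = clock
        self.sessions = {}                  # session id -> time last seen

    def _expire_idle(self, now):
        idle = [s for s, seen in self.sessions.items() if now - seen > self.idle_timeout]
        for sid in idle:
            del self.sessions[sid]

    def handle(self, session_id):
        """Return (status, headers, body) for one incoming request."""
        now = self.clock()
        self._expire_idle(now)
        if session_id in self.sessions or len(self.sessions) < self.max_sessions:
            # Already admitted, or a slot is free: serve and refresh the slot.
            self.sessions[session_id] = now
            return 200, {}, "form page"
        # At capacity: cheap static answer, no backend work, tell the client when to retry.
        return 503, {"Retry-After": str(self.retry_after)}, BUSY_PAGE

def simulate_go_live():
    """Constructed scenario: five users arrive at once against capacity for three."""
    t = [0.0]
    gate = AdmissionGate(max_sessions=3, idle_timeout=600, retry_after=120,
                         clock=lambda: t[0])
    first = [gate.handle(f"user{i}")[0] for i in range(5)]
    t[0] = 60.0
    mid_form = gate.handle("user0")[0]    # admitted user keeps working
    still_busy = gate.handle("user4")[0]  # latecomer is still delayed
    t[0] = 700.0                          # earlier sessions have all gone idle
    retry = gate.handle("user4")[0]       # latecomer now gets a slot
    return first, mid_form, still_busy, retry

if __name__ == "__main__":
    print(simulate_go_live())
```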
