IBM in Settlement Talks With Australia Over Botched Online Census -- Update
October 25 2016 - 1:07AM
Dow Jones News
By Rob Taylor
CANBERRA, Australia -- International Business Machines Corp. is
negotiating a settlement with Australia's government over a bungled
effort to oversee the country's first online census, senior
executives said Tuesday.
The Australian Bureau of Statistics paid IBM 9.7 million
Australian dollars (US$7.4 million) to oversee technical
preparations and software used for the census, which was knocked
offline for 40 hours on Aug. 9 following a series of small-scale
distributed denial-of-service attacks from an unidentified location
overseas.
Kerry Purcell, managing director of IBM's operations in
Australia and New Zealand, told a parliamentary inquiry looking
into the matter that subcontractor NextGen Networks was mainly
responsible for the failure that knocked out the census website,
along with internet service provider Vocus Communications.
But IBM accepted responsibility as the prime contractor, he
said, and had begun talks with Australia's Treasury Department on a
confidential settlement over the outage, estimated to have cost
Australian taxpayers at least A$30 million.
"We are looking to constructively resolve the matter as soon as
possible," Mr. Purcell said. "I am confident we'll be able to
achieve some kind of outcome in the very near future."
In tendering for the census in 2014, IBM promised its eCensus
software and online preparations would be "highly resistant to web
application security attacks." The company also said faults would
be resolved within 30 minutes. Australia's census didn't come back
online for three days.
Mr. Purcell and another IBM executive, Permenthri Pillay,
rejected accusations from one investigating lawmaker, Sen. Jane
Hume, that Australia had been a "crash-test dummy" for a digital
census process to be used as a partial model by Canada, the U.K.
and the U.S., as those countries also moved their surveys
online.
"I would suggest that Australia is leading the way and being a
leader in the digital agenda," Ms. Pillay said.
Australian Prime Minister Malcolm Turnbull ordered the
investigation into attacks and singled out IBM early on for
failures that could dent confidence in efforts by the company to
manage census processes in other countries.
In a denial-of-service attack, an online attacker typically
attempts to overwhelm a network by flooding it with information. A
distributed denial-of-service attack involves traffic from multiple
sources.
Australia's chief statistician, David Kalisch, told lawmakers
last week that the census failure had cost tens of millions of
dollars to resolve as officials worked to restore access and public
confidence.
"The Australian Bureau of Statistics made a number of poor
judgments in our preparation for the 2016 Census that led to the
poor service experienced by many households," Mr. Kalisch said.
IBM confirmed that there were four DDoS attacks, the first
occurring at 10:10 a.m. and the last at 7:27 p.m., at which point
the census website was taken offline. While apologizing
"unreservedly", the company said no personal census data had been
compromised or stolen.
The majority of the traffic came from Singapore, the company
said, with IBM engineer Michael Shallcross telling lawmakers that
Australia-based NextGen and Vocus Communications failed to
introduce agreed-upon protocols to block intrusions from offshore,
under a geoblocking strategy called "Island Australia."
Mr. Purcell said no one within IBM had been fired or disciplined
over the failed process, while Vocus Communications said in its own
submission to lawmakers that IBM alone was to blame.
"The cause of the census website being unreachable was IBM
employee's [sic] falsely identifying normal traffic patterns as
data exfiltration, and manually turning off their Internet gateway
routers," the Vocus submission said. "The IBM submission that Vocus
had committed is inaccurate as Vocus was not, prior the fourth
attack, advised of Island Australia."
Alastair MacGibbon, the prime minister's special adviser on
cybersecurity, had previously told lawmakers that most of the
cyberattacks came via the U.S., although it was unclear if the
disruptions originated there.
Privacy was a widespread concern leading up to the census, in
online and paper versions, after the statistics bureau and the
center-right government announced plans to collect and store
identifying information of about 24 million Australians, including
names and dates of birth, household incomes and religious
beliefs.
Australia has been frequently targeted in cyberattacks,
including the attempted hacking of the country's weather bureau
last December, thought by officials to have originated in China.
But other attempts have been blamed on online privacy
activists.
Write to Rob Taylor at rob.taylor@wsj.com
(END) Dow Jones Newswires
October 25, 2016 01:52 ET (05:52 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.