Govt could chase IBM for damages over Census failure

The federal government has raised the spectre of a court battle with IBM should it find the service provider responsible for a damaging outage to the national online Census on Tuesday night.

Treasurer Scott Morrison today said the government would look "so thoroughly" into the issues behind the collapse of the website.

"And if there are issues relating to the service provider in this case, then you could expect us to pursue that to the nth degree," he told ABC's AM program.

"Because what happened here is that people were contracted. They were contracted some years ago, back in 2014. The decision to go to the e-Census was taken back in 2011. It was provisioned in the 2013-14 budget.

"So the resources were there. The capability assessments and reviews were undertaken. The assurances were provided and the events of 48 hours ago or thereabouts just over that, occurred."

IBM was awarded a $9 million contract in 2005 to develop and support the web-based Census application, and another $9.6 million in 2014 to host the platform in its data centre in the Sydney suburb of Baulkham Hills.

Prime Minister Malcolm Turnbull yesterday ordered an inquiry into the collapse of the website, which was unavailable periodically on Tuesday until the ABS opted to take it entirely offline later that night. It was restored mid-yesterday.

Turnbull laid blame for the bungle squarely with IBM, claiming the contractor had failed to repel a "completely predictable" denial of service (DoS) attack on the platform.

The PM's cybersecurity advisor Alastair MacGibbon has been directed to inquire into whether IBM did enough to protect the Census.

“Measures that ought to have been in place to prevent these denial-of-service attacks interfering with access to the website were not put in place," Turnbull said yesterday.

"That was a failure that was compounded by some failures in hardware – technical hardware failures – and inadequate redundancy."

The ABS attributed the collapse of the e-Census to four DoS attempts throughout Tuesday, combined with the subsequent failure of the Census' geoblocking function and the collapse of a router, which prompted it to take the site offline.

However, security experts have cast doubt on this claim, arguing the system had been badly architected and IT security corners were cut to save money.

The ABS has not responded to request for comment on the rumours.

IBM comes out of hiding

IBM has broken its silence on the Census debacle to tell the Australian public it “genuinely regrets the inconvenience” caused by the events on Tuesday night.

Despite attacks from the government, IBM insisted it was continuing to work diligently for its client.

“IBM’s priority over the last two days was to work with the ABS to restore the Census site. We are committed to our role in the delivery of this project,”it said in a statement.

“Our cyber security experts are partnering with national intelligence agencies to ensure the ongoing integrity of the site.”

It is not the first time IBM has found itself caught up in a slanging match with an Australian government.

The company only recently wrapped up a long-running court case with Queensland over the 2010 failure of the Queensland Health payroll system it was paid to install.

IBM successfully had the lawsuit thrown out of the Supreme Court, but it remains banned from signing any new contracts with Queensland government agencies.

Governments have had a patchy history at best trying to sue their IT partners for compensation in the wake of failed projects.

Before Queensland Health, the NSW government tried to sue its electronic ticketing consortium partner ERG over the Tcard saga only to find itself countersued, and ultimately forced to settle out of court.

The NT government backed down despite publicly threatening to pit its lawyers against Fujitsu over a $70 million asset management system disaster.

And more recently, South Australia successfully recouped $13.5 million from health software business Allscripts after it failed to meet deadlines in its beleaguered patient administration system rollout.