The Minister in charge of the 2016 Census, Michael McCormack, and ABS boss David Kalisch have entered full-scale damage control over the continued outage of the Census online system.
McCormack and Kalisch blamed a “confluence of events” for the Census website being taken offline. Earlier, Kalisch had attributed the failures solely to the DoS attacks.
However, in an updated post-mortem, McCormack said the issues were the result of four DoS "attempts" - at 10:08am, 11:46am, 6:15pm, and 7:30pm - paired with the subsequent failure of its geoblocking function, and the alleged collapse of a Telstra router.
Update 10 August 2:05 pm: Telstra has issued a statement denying any responsibility for the router in question, and claims the ABS has accepted that the advice it provided on this matter was incorrect.
"It was not a Telstra problem, it had nothing to do with Telstra. They had a router problem.
"The router in question is not owned or managed by Telstra or operating in a Telstra facility. We provided a network link and that has worked perfectly throughout and continues to do so," said a Telstra spokesperson.
ABS and its Census IT partner IBM switched on geoblocking in response to the denial of service attempts, which were identified as coming primarily from the United States.
McCormack said when the geoblocking fell over, and the router failed, the agency took the “cautious” decision to take the whole ABS website offline to safeguard customer data.
They insisted that the ABS was equipped to deal with large volumes of traffic and IT security threats, and that systems had been purposely taken offline as a "precaution".
They also insisted no data was lost or compromised by the series of DoS attacks levelled at ABS systems.
“At no stage during these incidents last night was any information obtained nor was there any entry into the system," McCormack said.
"The ABS has assured the government of this fact and that has been confirmed by the Australian Signals Directorate."
The federal government’s recently appointed cyber security advisor Alastair MacGibbon backed the bureau’s handling of the event.
“It was deemed to be better last night to inconvenience Australians and to shut down the website than to compromise the data already collected and compromise further data that may well have been collected during the period,” he told a press conference this morning.
“A denial of service is not a breach, it's not designed to take data.
“A denial of service is designed to frustrate … it's equivalent to me parking a truck across your driveway to stop vehicles coming in and out."
The government has been at pains to prove the outage had nothing to do with its hosting capacity being overwhelmed. The minister said at its peak the Census was taking 150 forms a second, despite being equipped to deal with up to 260 a second.
MacGibbon, a respected security expert and former head of the AFP’s high tech crime centre, linked the attack to controversy surrounding the ABS’ decision to link Census responses to names for data matching purposes this year.
He acknowledged there has been “an awful lot of conjecture” about the Census, which has forced the agency to defend its ability to protect citizens’ personal information.
“The more we talk about it, the more people decide to see if they are better than we are,” he observed.
“In this case I'd say it ended up a draw."