If there was ever a textbook case of a stunt not to pull when people are scared and confused, Government Services Minister Stuart Robert’s trust train wreck masquerading as a press conference for why the myGov website choked on its own traffic was it.
The alleged cyber attack has been shown up as a dud, as if the community doesn’t have enough on its plate.
With a huge welfare relief package just announced hours before, checkpoints rolling out across closing state borders and the shutters coming down on pubs, clubs and even churches there was always going to be a massive crush on government web pages come Monday.
The last thing people needed to hear was that access to the social security safety net was being jeopardised by cyberattack, especially when the claim was transparently dubious.
Today, Australians understandably grumble and curse when government or commercial websites flop under load. Because it’s annoying, wastes our time and can stall the economy.
But, right now, people know things are crook and that ‘normal’ is now a transient term.
Learning to fail fast
For the most part, Australians grudgingly understand that when an online step-up is too steep, web performance can stall like a clumsy clutch drop on a sharp handbrake hill start.
What possessed Robert to call out a denial-of-service attack (DDoS) is a bit unclear, but it reeks of cack-handed deflection and blame-shifting.
It took just minutes for observers in security circles, finance and telecommunications to wince and shake their heads at what Robert had bowled-up.
Especially after the notorious Census Fail incident that was also a traffic related problem masquerading as a DDoS.
Cyber folk are all-antennae at present because population habits shifting en masse offer a myriad of threats and opportunities.
Cyber attacks are expected. Ministerial deployment of fake FUD less so. So there’s a pattern forming here, and it’s not a good one.
The Australian Signals Directorate swiftly put diplomatic distance between Robert’s statements and its own protective turf handled by the Australian Cyber Security Centre.
“The ACSC is engaging with Services Australia on this reported incident and will continue to provide assistance,” an ACSC statement said.
“At this stage, the ACSC has no evidence to suggest this outage was caused by malicious cyber activity.”
By mid-afternoon, Roberts had crab-walked away from his previous DDoS statement.
Lots of things are failing at the moment. The question is how quick they can recover, not how to apply Teflon.
Blaming the customer
Centrelink, myGov and the federal government’s wider service delivery efforts have a long and inglorious history of frustrating users online and over the phone whether it’s through buggy apps, epic wait times or busy signal from the call centres.
It’s one of the key reasons the Prime Minister Scott Morrison moved so swiftly to model the new Services Australia construct on the far better-liked Service NSW delivery template.
Service NSW does have issues and availability flubs; but the big difference is that state ministers and their bureaucrats cop the blame, eat humble pie, apologise and move on.
It happened with the digital licence – there was a stampede – but cooler heads prevailed.
When people see agencies and their leaders suck-it-up and apologise, they might flame them at the time but will later cut them some slack.
Outage protocol and communications is well-entrenched in banks – some better rehearsed than others – but it’s there.
What’s jarring is Roberts and Services Australia don’t yet seem to have grasped the power of a simple, humble apology. All people wanted was a straight answer – like ‘look, the site’s getting flooded, we’re working on it, please be patient.’
Banks do this, airlines do this, governments do this, it’s outage triage 101.
With a million people hitting the dole queue, a thin-skinned, hypersensitive siege mentality just won’t cut it.
Institutional hypersensitivity syndrome
The most disturbing part of today’s myGov outage persistent and increasingly implausible series of denials from Roberts that the website had crashed at all.
The denials sounded hollow, condescending, defensive and inept.
The worst element of it was that the man tasked with one of the biggest welfare rollouts in Australian history felt it appropriate to argue that general website unavailability was not technically a crash – as if the millions of people scared for their jobs were capricious idiots.
This laid bare either a breathtaking lack of awareness of, or sheer indifference to, years of frustrations welfare clients have endured with policymakers and bureaucrats making excuses for delivery failures ranging from epic call waiting hold times to the brutally clumsy application of Robodebt.
It tells customers their experience doesn’t count and nor do they.
Over the past decade, the federal government, and the federal welfare bureaucracy, have developed an institutionalised bunker mentality that any exposure of service delivery failings is a product of a hostile, ideologically driven media and client base seeking to discredit them.
Year after year of crackdowns, swoops and ham-fisted data-matching dragnets to catch a shrinking pool of over-claimants have produced a compliance-driven culture where laborious process and high-effort for access have become the hallmarks of increased barriers to entry for social security.
Booting people off the dole, shaming shirkers, the Robodebt fiasco and so much more have become emblematic of what some call a culture of ‘punitive welfare’ that makes customers put in a huge amount of legwork to access a social safety net.
In some policy circles it’s known as ‘the bludger pantomime’ or ‘welfare theatre’.
‘Don’t make the app too easy to use, people need to work for their benefits.’
‘Don’t like spending two hours on hold … it’s not like you’ve got a job.’
‘Don’t like our erroneous assessment of your unstable income? You’ll have to disprove it or pay back the money.’
And on it goes.
How a welfare agency veered from distribution of benefits to a massive alleged overpayments recovery regime beggars belief. If rules need to be simplified, so be it.
Because the current model, and the business rules that underpin it, are simply no longer fit for purpose given the extent of the current crisis.
There is a big online delivery and business rules challenge; but it’s not as big as the institutional muscle memory of the ‘bludger pantomime’.
The coming days, weeks and months will be the biggest test the Australian government’s online infrastructure has ever faced.
There are real questions as to whether the current centralised Services Australia entry point can scale and cope in the coming days, especially on the customer onboarding front.
Banks, could help verify and validate exiting customers by co-processing applications for benefits.
The Commonwealth Bank of Australia already has a ‘benefits finder’, so we know the architecture is there if needed.
The question now is whether Robert, and what used to be the Department of Human Services, is prepared to ask for a hand up.
One thing is for sure: this is not the time to be making up flaky excuses and the back-pedaling.
Nothing will kill trust faster than that.