For almost two full days in August, a distributed denial of service attack shut down Australia’s 2016 online census system. Now engineers from IBM, the service provider for Australian Bureau of Statistics, admitted the problem could have been prevented if it had turned one of the routers off and on again. Really.
The admission came as IBM “provided evidence to a Senate committee inquiry looking at the botched handling of August’s census,” according to Australia’s ABC.net. It said:
IBM senior engineer Michael Shallcross told senators one of two routers experienced difficulties when it was rebooted on August 9, the night of the census.
The router was rebooted after experiencing a Distributed Denial of Service (DDoS) cyber attack from overseas, but then mistakenly gave out information suggesting that census data was being compromised.
Mr Shallcross said while engineers simulated the impact of the router being turned off in the lead-up to August 9, they did not manually power the machine down.
“We tested the router failure by simulating it, which is relatively easy to do and repeatable,” Mr Shallcross said.
“If we had our time again, we would probably test a hard power-it-off, power-it-on with that router.”
“That would have discovered earlier that we had that reboot and configuration loading problem.”
The simplicity of the solution was not lost on lawmakers. ABC reported that Sen. Jane Hume said, “That’s the sort of level of technical competence I have with my computer.”
In September, ABS chief statistician David Kalisch blamed IBM for not being prepared for a DDoS attack. According to the Guardian, he said, “Despite extensive planning and preparation by the ABS for the 2016 Census this risk was not adequately addressed by IBM and the ABS will be more comprehensive in its management of risk in the future.”