Cyber criminals around the world will be targeting Australians on Census night as they did in 2016, but the federal government says that this time around, your data will be safe.
The five-yearly population count provides a key indicator of Australians’ habits and behaviour.
The 2016 Census was Australia’s first online attempt and it did not go well. In fact, then PM Malcolm Turnbull described it as a “humiliating debacle”.
The government hopes Tuesday 10 August is not a rerun of 2016 after it called in national security agents and cyber experts to “completely rebuild” its online Census system, which was hacked in 2016 and subsequently taken offline for two days.
“Australia’s first online Census in 2016 was a disaster,” said the director of RMIT’s Centre for Cyber Security, Professor Matt Warren.
“The Census website was hit with a number of distributed denial of service attacks on day one followed by a hardware failure; the website being taken offline for 40 hours and [making] global headlines.”
How well the government has learnt from the lessons of 2016 #CensusFail remains to be seen, but the Australian Bureau of Statistics (ABS) says there will not be a repeat performance.
It also reiterated that even though the system failed, no personal information was inappropriately accessed, lost or mishandled.
This year, it spent $7 million with consultant PwC, which completely rebuilt the census digital services system.
“Since the DDoS incident which affected the 2016 census, the ABS has implemented DDoS protections and conducted regular DDoS testing to verify its protections,” an ABS spokesperson told Government News.
“The Census Digital Service has been architected and designed to handle large loads and defend against large-scale sophisticated DDoS attacks.
“The Census Digital Service has undergone extensive security testing including a number of rounds of very large DDoS tests.
“Keeping people’s information safe, secure and protected from cyber-attacks is of the utmost importance for the ABS.”
Prof. Warren said last time around the problems largely stemmed from shortcomings in the service agreement with the provider, IBM, and from the system not being properly tested.
He hopes it’s different this year.
“A lot changes online in five years. Australia is facing new geo-political issues and new cyber challenges and this is the environment for the upcoming Census,” he said.
“Cyber attackers will look at weaknesses in the online Census system, with coordinated distributed denial of service attacks or cyber-attacks being the prize.
“Cyber attackers target big projects and initiatives like the Census to embarrass the Australian government, implying it can’t manage key high-profile systems.
“The Australian Bureau of Statistics and the Australian government know what is coming and would have built security and resilience into the Census system to protect against potential attacks.
“The stakes are high and only time will tell what happens on Census night and if the 2021 Census will become another global headline.”
Nearly one in four Australians have been the victim of identity crime at some point in their lives, says government research. The Census provides an almost irresistible target for cyber criminals and identity thieves.
Senior analyst with the Australian Strategic Policy Institute, Tom Uren, said he would be surprised if the Census wasn’t targeted.
“It’s very likely that, like last time, the Census will be targeted by garden variety denial of service attacks that try to overwhelm it,” he said.
“I’d be positively surprised if they weren’t targeted.”
Prof. Warren believes one of the main reasons to target the Census would be to embarrass the government or erode public confidence in the ABS.
“The census is a very high-profile online event for Australia which cyber adversaries around the world would be focused on,” he said.
“Certainly, there are going to be attacks because of the nature of the system being online.”
Mr Uren is confident this year’s Census system will be robust enough to withstand attacks.
“I’m sure that the security and resilience of the Census has been thought about a lot more seriously and there are a lot more protections,” he says.
“This doesn’t guarantee it’ll go off without a hitch, but I’m optimistic that it will work well.”
Prof. Warren is just as optimistic, but says as with most things in life, there are no guarantees.
“Certainly, the government has prepared for it, but Tuesday’s going to be the date where we find out if this has been successful,” he said.
A scathing Senate report into the 2016 Census said the 2016 attack was “of such a small size that it should have easily been handled effectively”.
And while the ABS says there should be no issues this year, a report by Australian National Audit Office claims “the ABS had not fully implemented all the lessons from the 2016 census”.
Time will tell.
Are you concerned about your personal data or do you think the ABS and the government have it all under control? Why not share your thoughts in the comments section below?
If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.