In the wake of the Australian census meltdown earlier this year – blamed on a distributed-denial-of-service (DDoS) attack – officials from IBM have said that some of the issues could have been prevented by the oldest IT trick in the book: turning a router off and on again.
IBM, which was awarded a $9.6m contract to host the online census back in August, was called to provide evidence to a Senate committee inquiry set up to analyse the failed nationwide headcount that left the Australian Bureau of Statistics (ABS) offline for over 24 hours.
Michael Shallcross, an engineer at IBM, told senators it was one of two routers that experienced problems on the day of the census. At the time, the census systems were hit by a DDoS attack from "overseas hackers."
Shallcross explained, as noted by ABC Australia, that if the firm had another chance to test the security measures in place, it would do some things differently.
He said: "If we had our time again we would have tested a hard power it off, power it on that router, that would have discovered earlier that we had that reboot and configuration loading problem."
The router was rebooted after officials became aware of the DDoS attack, ABC reported, which then mistakenly suggested that census data was being compromised. According to Shallcross, IBM engineers had previously simulated the impact of the router being turned off; however, they did not manually power down the machine.
"We did, during the lead-up to the census, test the impact of a failure of that router and ensure that a fail of the mechanism through the rest of the site worked effectively," he said. "We tested that router failure by simulating it, which is relatively easy to do in repeatable fashion."
Kerry Purcell, managing director of IBM Australia, said the firm "unreservedly apologised" to the Australian public and the Australian Commonwealth for the issues caused. "We were head contractor in this matter and hence we take full responsibility for our role."
Purcell said that negotiations are now taking place between IBM and Treasury chief John Fraser about the chance of financial compensation. The government has maintained that despite the cyberattack taking its systems offline, no citizen data was compromised at the time.
At the time, the country's prime minister, Malcolm Turnbull, played down the scope of the attack and maintained no sensitive information was stolen by hackers. He said: "The one thing that is absolutely crystal clear is that there was no penetration of the ABS website.
"What you saw was the denial-of-service attack or a denial-of-service attempt which, as you know, is designed to prevent access to a website as opposed to getting into the server behind it. Some of those defences failed, frankly."
Independent Senator Nick Xenophon previously slammed the census outages as "a monumental failure of a government program of the first order." He said: "For the ABS, for the government to say this is not a cyber-attack is a bit like Monty Python's Black Knight saying he just copped a flesh wound."