IBM was picked by Australian Bureau of Statistics (ABS) to run the eCensus platform. Part of the service involved the implementation of a geoblocking service called Island Australia that was designed to stop international traffic from targeting the census website.

However, the website suffered a catastrophic 40-hour outage after it was subjected to four denial of service (DDoS) attacks, which IBM alleges were a result of poor implementation of the service by Nextgen and its upstream provider Vocus.

“Had Island Australia been properly implemented by Vocus, the fourth DDoS attack would have been prevented, and the site would not have become unavailable to the public as a result,” IBM said in its submission to the Senate Inquiry into the census debacle.

However, Vocus has rejected IBM’s assertions, telling the committee that the DDoS attack was not responsible for the service disruption.

“Vocus does not agree that the fourth DDoS attack was the cause of the site becoming unresponsive,” the telco said in its submission.

“The fourth attack comprised of attack traffic which peaked at 563Mbps which is not considered significant in the industry, and lasted 14 minutes…such attacks would not usually bring down the census website, which should have had relevant preparations in place to enable it to cater for the expected traffic from users as well as high likelihood of DDoS attacks.”

Vocus has also questioned the efficacy of the Island Australia solution.

“The Island Australia approach does not consider the reality of overseas network operators connecting to Australian service providers inside Australian borders,” it said.

Meanwhile, NextGen says that IBM not only rejected its offer to take up an internet DDoS protection option for the purposes of the census but also kept the company in the dark about the Island Australia solution.

According to NextGen, it was “not privy to the IBM ‘Island Australia’ strategy until July 20” just six days before the census site went live.

“After becoming aware of ‘Island Australia’, Nextgen advised IBM that the IP address range requested by IBM was part of a larger aggregate network, and therefore it was not possible to provide specific international routing restrictions for this range.

“NextGen recommended using an alternative IP address range, which would give IBM better control, but this was rejected by IBM,” the company said.

The blame game between IBM and its subcontractors comes as ABS chief statistician David Kalisch told the Senate the bungle was going to cut the $100m in savings ABS was chasing by encouraging people to complete the survey online.

According to Dr Kalisch, the projected savings had been reduced to about $70m due to “remedial activities”.

“We have to date probably incurred additional costs of around $20m ... We anticipate possibly spending another $10m,” he told a Senate estimates hearing on Wednesday.

More related stories

Commercial

Goodman rides data centre wave with $4bn HK funds launch

The industrial property group is firmly established in data centres. But the extent of Greg Goodman’s ambition is only just being realised.

Read more

Aviation

Qantas urges customer vigilance after cyber attack

Personal information stolen from Qantas customers is yet to be ‘shopped’ on the dark web, nor has the airline faced a ransom demand as its investigations continue.

Read more