The minister responsible for the census has done a semantic dance around whether a Denial of Service attack is really an ‘attack’ at all.
This morning the Australian Buereau of Statistics blamed a DoS attack for the decision it made to close down the online Census form last night.
Small Business Minister Michael McCormack in a press conference today said that: “this was not an attack nor was it a hack, but rather it was an attempt to frustrate the collection of ABS census data”.
The ABS has “employed a cautious strategy” in its decision to shut down the online census form, he said, “to ensure the integrity of the data already submitted was protected”.
McCormack gave a post-mortem of the outage explaining that following two expected DoS 'attempts' yesterday morning, the ABS and IT partner IBM put its 'comprehensive DoS mitigation response plan' into action which included the geo-blocking of international traffic.
At around 5:00pm there was a modest increase in traffic which was 'auto-defended by firewalls', he said, before a 'small scale Denial of Service' at 6.15pm which was 'stopped by standard protections'. At 7.30pm there was a new Denial of Service attack which "took a different format than those previously at the same stage a large increase in traffic occurred".
The DoS attacks also resulted in the failure of a router which became ‘overloaded’, McCormack said.
“After this what is known as a false positive occured. This is essentially a false alarm in some of the system monitoring information.”
The online form was disabled at 7.45pm after the ABS took the decision to prevent further incidents, as a precaution.
“The decision to shut down the online form was made to safeguard and protect data already submitted. It was a decision taken by the ABS,” McCormack said.
The ABS, Australian Signals Directorate and IBM spent the night testing the system’s integrity, the minister said.
This morning Australian Privacy Commissioner Timothy Pilgrim said he was commencing an investigation “in regards to these cyber attacks”.
Forrester’s CIO Advisor John Brand has said that the outage indicated that either a DDos attack had been developed that could go completely undetected by current monitoring and analysis systems or that there was “a lack of understanding of the current threat landscape by the the ABS and their service providers”.
“This clearly demonstrates that large scale internet platforms - whether hosted internally or on publicly available infrastructure - have to focus more seriously on threat intelligence and targeted near-real-time response capabilities. The old approach of simply putting up barriers to provide confidence for protection, doesn't solve some of the underlying and very fundamental problems,” he added.