August 10, 2016 | Graham

Census fail



The failure of the online census software carries multiple lessons for Australian democracy, but also Australian defence.

It demonstrates our toxic culture, where many will burn the town down to save it, and it gives a glimpse into how vulnerable our infrastructure could be in the event of international hostilities.

First some clarification, and for this I am relying on the official account being accurate. According to the ABS the failure was not the result of a hack; it was the result of a denial of service attack combined with a high number of form submissions, an overloaded router and a false positive. After that the ABS took the form offline.

So, no data was accessed from outside the system.

But that is not the impression that the public has been given with incompetent journalists being unable to read a media release properly, and using the terms “hacked” and “hackers” freely (such as this article from the ABC, posted around 1:30 pm today).

Hacking occurs when someone actually penetrates a system, not when they manage to close it down by overloading it (which is the mechanism used by a denial of service attack).

Why was the census targeted? One “expert” claimed it was because the ABS had declared it was “hack proof” which would be like a “red rag to a bull”, but what led the ABS to make this claim?

It was a response to a long campaign by activists claiming that the census data were not secure. What else could the ABS respond: “yeah sure, our system can be hacked”?

This is a classic heads you lose, tails I win situation. No answer would satisfy the complainant.

A bit like Labor spokesman Andrew Leigh who, while saying he thought it was safe to provide your name, sought to give every impression that there were problems with the census, and criticised the government for not explaining it better.

Why the government should be taking the rap for what an independent agency does is a little fuzzy.

He was seeking to profit from the paranoia, while proclaiming the necessity of the Census, but covertly being happy to sacrifice it for political advantage.

Then you have independent Nick Xenophon, and a gaggle of Greens, undertaking to withhold their names, in defiance of the law, although not encouraging the public to necessarily follow suit (yeah right).

More positioning for political advantage.

When they say the Census is vital, don’t believe them. What they really see as being vital is giving the impression that the government is in disarray, so they can drive a harder bargain somewhere else, and bugger the Census.

Ironically the Internet makes all of this more potent as blow-hards, with and without IT expertise, advise everyone that not only is supplying your name risky, and the information is not secure, but the government is introducing the Australia Card by stealth.

One thing is sure. Once the dust settles we need to know what actually happened, and the contractor, and/or appropriate staff, held accountable if they are at fault in the technical delivery of the service. (In this respect it is a little ominous that IBM was the provider of the botched Queensland Health payroll system.)

The other thing that is sure is that buying new jets and submarines is not the end of defence expenditure.

The chaos around the Census is just a little foretaste of what could happen in a serious conflict. At least the census has good redundancy, in the shape of a hard copy form, built in. And perhaps it was over-caution that brought the site down rather than the attacks.

But in the world of the “Internet of things”, with many systems and their data effectively being in the cloud, and our supply lines and infrastructure being largely just in time and increasingly computer controlled via the Internet, it could be possible, with real hacking, to bring us to our knees without even a shot being fired.

If it’s not in the supermarket, I’m not sure about you, but I have no idea how to find, hunt and bring it home. Without power I don’t know how long I’d be able to live on the food in the pantry and the jug of water in the fridge. What would I use for cash if the ATMs were jammed, or the banking system brought down?

Perhaps that means the Internet has brought mutually assured destruction down to another level, making war actually unthinkable, or perhaps it means we need to rethink what vulnerability actually means in a modern, internet-connected world.

The Census fail may prove to be a blip, but it is a blip that should set us thinking. Especially with sabre rattling not just confined to the South China Sea, but occurring in the Olympic swimming lanes.

 



Posted by Graham at 4:14 pm
Filed under: IT