A decade after the last census disaster, the security of this year’s count is at risk
The findings reopen questions around census resilience almost a decade after the 2016 online census failure, when the digital form was shut down after a number of distributed denial-of-service attacks as part of a deliberate attempt to sabotage the national survey. The form could only be restored 40 hours later. A DDoS is a cyberattack in which hackers attempt to crash a system by flooding it with bots – or Trojan – accounts.
This year’s census, due to take place on August 11, will be the most digitally dependent yet. The ABS expects 85 per cent of Australians to complete the form online, with the $726 million program also introducing access through myGov and expanded use of artificial intelligence.
The audit found the ABS identified and assessed cyber risks, but its governance arrangements did not always give senior decision-makers the clearest picture of emerging threats. Among the findings, oversight committees were not always receiving “the most up-to-date or accurate information on cybersecurity risks”, while updates were sometimes incomplete and inconsistencies emerged between strategic and operational risk assessments.
The report also delivered a broader criticism of planning inside the federal government agency, finding there had been “insufficient consideration” given to cybersecurity planning because preparations did not fully address risks across the entirety of the ABS. The audit noted similar concerns had been raised in a previous review into the 2021 census.
So they’re doing the census online again? Bold.
I don’t get why they keep relying on myGov like it’s some magic fix. If the 2016 thing got messed up, wouldn’t that mean the whole system is cursed or whatever? Also $726 million is a lot for it to still be risky.
Isn’t a DDoS just like… a lot of people refreshing the website at once? Like couldn’t regular traffic do the same thing? Then they blame Trojans and bots but half the time it’s just servers choking. Either way, “AI” sounds like it’s gonna make it worse if someone can game it.
They always say they assessed cyber risks but somehow senior people didn’t get the full picture… cool. That audit basically sounds like “we knew but didn’t really manage it” which is super comforting right before Aug 11. And why is there expanded AI in the census? Like are they letting a machine decide whether your info counts? I swear every time they do something online it turns into a mess.