2016 will be remembered as the year technology giant IBM hit the headlines for all the wrong reasons. They’ve been blamed, almost completely, by the ABS for what’s now known as #censusfail. IBM has recently sacked a couple of staff over the incident but I think there’s more to it. So, to recap, on Census night the ABS suffered a pretty low-grade DDoS attack. There’s lots of technical chatter about the exact nature of the attack but it was a very small attack and the ABS panicked, pulling the census offline.
Unfortunately, it took them three hours or so to tell the world they’d taken this step. During that time thousands of Australians tried in vain to fulfill their obligations.
What made things frustrating was that the census wasn't taken completely offline. The actual census system was made up of two main components – a dynamic application hosted on the ABS’s own hardware and static content hosted by IBM. On census night, the application was taken down but the static content remained active. Hence, people were frustrated as it looked like the census was up but broken.
Here's where that's explained in IBM's original tender document.
The problem was that IBM was not allowed to host the census application as they lacked IRAM certification – something anyone wanting to provide cloud services to the government needs.
If you’ve got some time on your hands, you can read the entire ABS submission (a href="https://drive.google.com/file/d/0B6fRXFvYdlVKLVRPNF94WUIyNXc/view">ABS Submission on 2016 Census). There's a nice nugget on Page 61 where the ABS leaks the entirety of IBM's confidential information from the original tender. Helpfully, they put that information in bold text so we wouldn’t miss it.
It's certain we haven’t heard the last of this. For mine, the blame has to be borne by the ABS. It was their party, they set the rules for what services were meant to be hosted on which systems and the responsibility for testing was theirs.
It's easy to point the finger at IBM – who doesn’t enjoy smacking a big multinational around from time to time? And I suspect IBM will cop it on the chin as they won’t want to compromise their chances of hosting other government work in future – particularly as that ISAM certification they need is close to being granted according to a source I have who worked on the census project.