‘Never say never’: Top statistician braces for census night hacks to avoid repeat of 2016
The nation’s top statistician is unable to promise there won’t be cyber attacks affecting census night on August 10 but said every step had been taken to protect household data from state-based actors and hackers.
The Australian Bureau of Statistics is targeting a 95 per cent completion rate for the 2021 census and predicts a record proportion will answer the census online. The expectation is three-quarters of households will fill out the form on a computer, tablet or smartphone.
ABS chief David Gruen.Credit:Alex Ellinghausen
Australian Statistician David Gruen, who is the head of the ABS, said reaching such a high completion rate required timely instructions provided to households and “a seamless and trouble-free experience for those who complete the form online”.
On census night in 2016 the online form faced several outages following malicious distributed denial of service attacks, known as DDoS attacks, which came from overseas. The ABS took the extraordinary step of shutting down the website to protect the data.
“We absolutely wouldn’t want to have to [take down the Census in a severe hack],” Dr Gruen said on Friday.
“Never say never, because it’s not possible to completely eliminate the risks of cyber attacks, as is clear from experience, but obviously everybody working on the census is acutely aware of what happened in 2016 and there were a large number of reports written in the aftermath,” he said.
The MacGibbon review made 29 recommendations for what the ABS should do to avoid a repeat of 2016 and Dr Gruen said they have implemented “every single one”.
“We have had the Australian Cyber Security Centre working with us pretty much from the get-go in a range of ways”.
The ABS has also committed to destroying names collected in 18 months and addresses in three years. This year for the first time the form also asks whether any household members are veterans and about any long-term health conditions.
The Australian census is compulsory, though penalties are infrequent, and typically has a high response rate.
Forms will start being sent out in early August and households can fill them in ahead of, or after, the census night provided they have a reasonable view of who will be at home that evening. Spreading out the answers over several days should help reduce the load on the system.
“We are as prepared as we think we can be but I will sleep more soundly on the 12th of August,” Dr Gruen said. “We have to be prepared for everything including kids in their parents’ basement who think it would be a great idea if they could get into the system,” he said. He said state-based actors and those looking to access sensitive data were also front of mind.
Assistant Treasurer Michael Sukkar said this year there had been a completely new digital service built as part of security measures.
“Testing and assurance activities have been ongoing and have been under close oversight by the government with a focus on performance and obviously security,” Mr Sukkar said, adding the ABS had worked with the Australian Cyber Security Centre, the Department of Defence and the Digital Transformation Agency.
“We’re also undertaking rigorous testing including … ethical hacks of our IT systems and simulated DDoS attacks to ensure our systems are robust and in the best shape possible for some of the issues that have occurred in the past.”
New monitoring tools will provide real-time alerts on any issues that arise and independent security assessments of the systems have been undertaken through the Australian Signals Directorate.
“I also want to emphasise that all information collected in the census will be securely hosted in Australia and encrypted end-to-end to ensure that our data sovereignty is respected.”
“There’s always a caveat that you don’t know what you don’t know but we feel as prepared as we can [be],” he said, adding some of the best minds in the country had tested the system.
“You can never call mission accomplished on this. but I think we’ve invested more than I think anyone could’ve imagined in security.”
Most Viewed in Politics
From our partners
Source: Read Full Article