While the public will have to wait until next year for Census data to be released, at least one figure has now been revealed – the staggering number of cyber attacks blocked by the online system.
The 2021 Australian Census online digital system blocked in the order of 130,000 malicious IP addresses across its lifetime, according to its builders PwC. Selected by the Australian Bureau of Statistics as official Census IT provider in 2019 after the serious failings of the previous survey (with IBM having shouldered most of the blame), PwC has now provided a run-down of the processes involved in delivering the successful project.
PwC was tasked with helping to achieve three key objectives for the 2021 Census Digital Service (which aimed for a 75 percent uptake, or to cater to more than 18 million people, and gained even greater importance in the build-up with respect to social distancing); that the operation would run smoothly and be secure with a simple UX; that the data would be of the highest quality; and that the government, business community, and public had confidence in the system.
Altogether, almost 150 staff-members from the various divisions of PwC have worked on the Census project, including management consultants, front end developers, accessibility and content management specialists, DevSecOps cloud engineers, and cybersecurity architects among others, who joined together with the technical teams from the ABS and AWS.
PwC cites this broad, collegial collaboration as one of the major factors for the project’s ultimate success. “It was incredibly important to see a strong working relationship with the ABS develop,” said PwC partner and the project’s cyber lead Robert Di Pietro.
“Trust doesn’t happen by accident – it is earned and developed through collaboration, respect for diverse views and inputs and brought to life through commitments to a joint and shared outcome. All parties committed to a strong spirit of working together to support the ABS.”
Usability and other factors aside, the underlying focus for the 2021 Census would always be on cyber resilience and incident response readiness following the Distributed Denial-of-Service (DDoS) disruption of 2016, and PwC made sure the system was well prepared and tested prior to launch. This included regular security awareness sessions and threat briefings conducted by PwC’s cyber team for the project’s other participants, sharing the responsibility.
“We had a number of simulation events, and rehearsed cyber incidents to test processes and ensure we had the muscle memory developed for the main event,” said Scott Evans, PwC’s Census Lead Partner for Digital Innovation & Cloud Engineering, on a live Census test held in October of last year. This was in addition to multiple rounds of security code reviews as well as penetration tests designed to emulate the tactics of a real attacker.”
As it transpired, Census night saw an uninterrupted service with system volumes peaking at 270 logins and 142 form submissions per second, with 2.8 million submitted in total, while the solution was successful in blocking around 130,000 malicious IP addresses over its lifetime. “When it came to the solution, we did everything we said we would,” said Evans. “As a cloud native solution, available to anyone online, we built it for maximum security from the start.”