10 August 2016

Joint Press Conference, Parliament House, Canberra

Note

Joint press conference with
Mr David Kalisch, Australian Statistician
Remarks following the online form Census outage

MICHAEL MCCORMACK:

Thank you for being here this morning. We are here to explain and to discuss last night's Census online form outage. I will be clear from the outset, this was not an attack, nor was it a hack but rather, it was an attempt to frustrate the collection of Australian Bureau of Statistics Census data. ABS Census security was not compromised. I repeat, not compromised, and no data was lost. No data was lost.

There were three events which occurred in rapid succession last night which led the ABS to adopt a very cautious approach. The decision to shut down the online form was made to safeguard and to protect data already submitted. It was the decision taken by the ABS. Had these events occurred in isolation, the online system would have been maintained. The version of events was as follows: there was a large scale denial of service attempt to the Census website and online form. A denial of service is an attempt to block people from accessing a website. Following, and because of this, there was a hardware failure, a router became overloaded. After this, what is known as a “false-positive” occurred. This is essentially a false alarm in some of the system monitoring information.

As a result, the ABS employed a cautious strategy which was to shut down the online Census form to ensure the integrity of the data already submitted was protected. The ABS confirmed this morning that 2.33 million online forms were submitted before the outage and safely stored. The Australian Signals Directorate, a Commonwealth intelligence agency, was also notified by the ABS.

I will now outline the chronology of last night's events as provided to me by the ABS and also including the steps that I took. I will then make some further remarks and I will ask David Kalisch to also provide further comment. The Government's cyber security adviser Alastair MacGibbon, as I said, is on hand to assist with technical details. We will then take questions, noting that a lot of the detail will be covered in our statements. So here is the version of events.

At 10:08 AM Tuesday 9 August, the Australian Bureau of Statistics online Census form monitoring systems detected a significant increase in traffic. This was sustained for a period of 11 minutes causing a system outage of approximately five minutes.

Most users were able to resume their session and submit their forms. The traffic subsided at 10:19 AM without action from the ABS or IBM and the system returned to normal. IBM is contracted to the ABS to provide the software platform enabling the online Census form. The traffic increase was suspected to be a denial of service and investigations into it were commenced by both ABS and IBM.

At 11:46 AM, another increase in traffic was observed consistent with a second denial of service. The ABS and IBM have a comprehensive denial of service mitigation response plan which includes blocking of all international traffic. This was activated at 11:50 AM, 10 minutes to 12 - 10 minutes to noon - which immediately stopped this latest event. Again, a short system outage was experienced. Most users were able to resume and submit.

Following this second attempt, a decision was taken by the ABS to maintain a block on all international traffic until midnight.

At 11:55 AM, the incident was reported to the Australian Signals Directorate, the ASD, for its information and also to seek any advice on prevention of further incidents or any intelligence related threat to the ABS.

At 4:58 PM there was a modest increase in traffic which was automatically defended by network firewalls. Additional measures were taken to prevent further attempts of this type.

At 6:15 PM a small scale denial of service was attempted on the ABS website and was stopped by the standard denial of service protections which were in place.

At 7:30 PM the online Census form monitoring systems detected a significant new denial of service. This event took a different form than those previous.

At the same stage a large increase in traffic to the website occurred with thousands of Australians logging on to complete their Census.

At 7:45 PM the ABS made the decision to shut down the online form to protect the system from further incidents.

My office was informed of the Census website outage at 8:10 PM. At 8:14 PM my office called me to inform that the site was unavailable. I had just left Parliament House at that time and I immediately returned.

Following this call I phoned the Australian Statistician David Kalisch to request a briefing on the matter. I left a voicemail for Mr Kalisch at 8:22 PM. I called the Census program manager, Mr Duncan Young, at 8:24 PM and left a voice message for him. Mr Kalisch returned my call at 8:26 PM and provided an initial briefing.

At 8:32 PM I notified the Prime Minister and at 8:33 PM I notified the Treasurer, my senior minister.

At 8:50 PM the online form system was restored, however, overload protocols were activated to prevent connections until the state of the systems and their integrity could be assessed. At this time the ABS provided a public message through social media and the ABS website to indicate there was a system outage and to try again later. I remained in constant contact with Mr Kalisch and provided the Prime Minister, as well as the Treasurer, with updates as information became available throughout the night.

ABS issued a public message at 11:00 PM to advise that the form would not be available for the remainder of the night and that updates would be provided in the morning. The system was restored at approximately 11:00 PM but was not brought online as a precaution.

While all systems were thoroughly checked, the ABS, IBM and ASD continued to consult and work to resolve any issues right throughout the evening.

All completed Census form data was backed up and transferred into the ABS secure data storage environment. Importantly, no Census data was compromised - no Census data was compromised, and no data was lost. I repeat, no data was lost.

The ABS was able to take adequate precautionary measures to protect the storage of the data. A detailed briefing of the events overnight was provided this morning at 8 o'clock by the ABS, IBM and ASD to the Prime Minister, the Treasurer, Minister Assisting the Prime Minister for Cyber Security and myself as the minister responsible.

There were four events which occurred simultaneously last night which led the ABS to adopt a cautious approach and to take the decision to shut down the online form to safeguard and protect the system. Had these events occurred in isolation the online system would have been maintained. The simultaneous events, version of events was, one, there was a large scale denial of service on the Census website. Two, the ABS experienced hardware failure, a router became overloaded, what's called a false positive occurred, a false alarm was raised. I've mentioned all those before and as a result the ABS was overcautious to ensure the integrity of the data submitted was protected. I would like to reassure all Australians that the Australian Government and all Government agencies, including the ABS hold the security and the privacy of all Australians at the forefront of our minds. Indeed security is the most fundamental responsibility of the Commonwealth Government.

At no stage during these incidents last night was any information obtained nor was there any entry into the system. The ABS has assured the Government of this fact and that has been confirmed by the ASD. During my first meeting with the ABS two weeks ago and again earlier this week I was assured that the system was prepared to protect data and I'm pleased that the system just did that. It blocked multiple events and as a precaution the ABS and IBM also took the action of shutting down the site to ensure protection.

During these meetings I was also given assurances that the system was able to cope with the traffic flow from Australians accessing the online form. Again, I am pleased to report that the system was indeed working to expectations prior to the major incident. More than 2.33 million Census forms were submitted online by 7:33 PM with peak submission rate of 150 form submissions per second. This was well within the system capacity of 260 forms per second and all system performance monitoring indicated good performance.

As I've said, the Government takes cyber security very seriously. Earlier this year, the Government outlined plans to invest in our cyber security strategy which will deliver improved cyber security through 33 initiatives supported by more than $230 million in Australian Government funding. More than 100 positions are also being filled. These are new positions as part of this program to boost the Government's cyber security capacity and capabilities.

In addition to these investments, the Government has also invested a quarter of a billion dollars in the ABS's ICC infrastructure - $250 million. The Government, of course, will be reviewing last night's events, however, the onus at present is on restoring the Census website online to enable those Australians who have not already done so, to complete their online Census.

The Australian Privacy Commissioner has opened a privacy investigation into last night's events. The ABS will be cooperatively contributing to this investigation.

Now again, let me reiterate before I ask Mr Kalisch to make some comments, data was not compromised. The ABS made a cautious decision to protect people's data. This was not an attack, nor was it a hack. It was an attempt to frustrate the collection of data, an attempt to frustrate the collection of data. People should feel rest assured their data is safe.

The Census is a very important document to help with government decisions and I strongly encourage people to participate in the Census when the site goes back online.

If people would like further information, the service number is 1300-214-531. If they would like to request a paper form, the number is 1300-820-275.

No person, no person, no Australian will be fined if they willingly participate in the Census. And there is a considerable act of grace period for people to still submit their forms. The paper forms are not due until 18 September and people have until 23 September to go online and submit their Census electronically.

I would now like to hand over to Mr Kalisch.

ABS STATISTICIAN DAVID KALISCH:

Thank you, Minister.

The ABS took the early prudent precaution of taking the system down around 7:45 last night to be assured of the integrity of the data. This continues to be our guiding principle and guiding approach. Adopting a precautionary and conservative approach to the information of Australians. I would like to firstly apologise again for the inconvenience that has been caused for many Australians. But I believe you would also expect the ABS to safely secure your data in these circumstances.

I would also like to thank the millions of people who have already submitted their forms online or have completed the form on paper, those who have already been counted. And to reiterate the comments by the Minister that there is plenty of time for everyone to complete the Census and provide the essential data required by and for the nation.

We would reiterate the assurance that your data is secure. Your data is encrypted, your data is safe, at the ABS. We are working to get the online system up as quickly as possible and I need to be assured about the robustness of our arrangements before I put it back online. ASD is providing advice and will also be using their assurances to ABS on this matter.

The integrity of the Census has not been compromised. The community will have plenty of time to complete the Census, just like past Censuses where people had a matter of weeks to complete the paper forms and where paper forms were distributed over a matter of days and weeks.

The online system will be operating as soon as we are assured it is robust and secure. ASD are advising us on this matter. It is important that the Census is completed. We already have over two million forms received online. There are over three million paper forms in households at the moment and we have also pursued other strategies to complete information from Indigenous communities, for the homeless, for people who have other difficulties and other challenges being counted and those strategies have been working.

Again, I would reiterate that we have taken an abundance of caution but we are looking to have the system online as soon as possible. Thank you.

QUESTION:

A key question of fact is, what can you tell us about the significant event that took place last night? We had several denial of service events but this major one, how big was it, if the system was meant to be capable of taking 260 forms per second, how big was this denial of service event and a follow up on that, a denial of service is usually termed an attack. So, why do you claim there was no attack when there was a denial of service?

DAVID KALISCH:

Perhaps I can answer about the capacity - there was no issue with the capacity of the ABS system. We still were receiving forms at a rate of 150 per second. Our capacity is 260. The denial of service breached the online form because it didn't get caught up by the geo-blocking. That was the aspect in the protection system that didn't operate fully.

QUESTION:

Can we ask Mr MacGibbon, who may be an expert on this, we are hearing words like significant and major. Can you put that in some sort of quantum for us, what is the sheer number of hits involved in these DNSs and what typically are the motivations of those with this capacity, are they typically states, are they typically hacktivist organisations?

ALASTAIR MACGIBBON:

Sure. Well firstly, I should say I apologise for my voice, it's not the best day for having a pretty serious cold.

It's not abnormal for Australian Government services to be subjected to denial of service attempts. This is just the normal course of business for Government. And the vast bulk of those are handled in the normal course of business. The reason why the fourth incident was significant was because there were actually two failures. The first was a geo-blocking service fell over and when that fails – and that's one of the main defences used against denial of service. So, once we lost the capability of preventing essentially the geo-location of data coming in, then the router failed and as a result of that, there was information inside the system that the ABS and IBM took very cautiously so not knowing what that information was, made a decision to take it offline. So the attack was no more significant than the types of attacks we would see all the time against Australian Government systems. It's just that there was a confluence of events. In terms of the motivation of people, it is important, as the Minister said, to note that a denial of service is not a breach, it's not designed to take data. A denial of service is designed to frustrate. If I can use an offline analogy, it's equivalent to me parking a truck across your driveway to stop vehicles coming in and out. That is all a denial of service is. Now, in this case, the denial of service led to other systems failing, absolutely. But it does not compromise the integrity of data.

QUESTION:

What was the source country?

ALASTAIR MACGIBBON:

That is being investigated at the moment by the Australian Signals Directorate and others.

QUESTION:

Minister, we've had the Census night, that's passed. We have got millions of Australians who still haven't completed the Census. How confident or realistic is it that we are going to get more than 98 participation rate and if there's not we could have the biggest Census failure in 100 years. How much responsibility would you take as Minister?

MICHAEL MCCORMACK:

Well, bear in mind the fact that I've been the Minister responsible for ABS for three weeks. It is a significant role; it's an important role and one I take very, very seriously.

The ABS also is taken very, very seriously. It has bipartisan support, always has. This was the 17th Census. It is ongoing and as Mr Kalisch has informed me in briefings that I've had on this, many people, most people in fact, don't actually fill their Census out on the given night. Many fill it out beforehand, many fill it out after the event and the fact that they have got now until- and always did have until September 18 to submit their paper form and 23 September to fill their online form does not change. That grace period was always there, it still is and I am confident that Australians will accept the principle of the fact that the Census is a vital event. I'm convinced that they know that their communities are enriched by having the proper data- the proper raw data available to governments of all political persuasion, federal, state and local, to assist with Governments to be able to allocate funding and resources for roads, for rail, for hospitals and for schools and for other important Government institutions and facilities.

QUESTION:

You have only been in the role three weeks. In hindsight was it a good idea to have this massive project in the hands of a fresh minister?

MICHAEL MCCORMACK:

Well, the Census has been planned for five years. Indeed, planning for the 2016 Census occurred before the 2011 Census was actually conducted and so there is a lot of planning that goes on with the Census. This was the first online Census as such. The third time that the Census has been held online, but the first time that a real push was made for people to actually fill it out online and I still believe that more than two thirds of people will actually fill their Census out online, get those important details into the ABS to enable governments to be able to allocate funding.

Shane Wright. Shane Wright from The West Australian.

QUESTION:

One question to Mr Kalisch. 18 months ago the ABS actively sought to abandon the Census, go to 10 years and look at a survey. How can you argue that this has been well planned when 18 months ago the ABS was looking at something very different? And Mr Kalisch, at 3 o'clock yesterday you did a press conference in which you said everything is fine and you've had two DNS- I will say attacks, before that. Why didn't you let people know at that time that there were issues at play with the Census?

MICHAEL MCCORMACK:

Well to firstly answer your question, Shane, it has been well planned, of course. And all planning and strategies were put into place to prepare for any denials of service, to prepare for any events such as that occurred last night. And the good thing is it was safeguarded. People's information was protected. The good thing is that no data has been lost. The good thing is the firewalls held up and the actual ABS has been shown to be- whilst they have been very cautious, they have also shown to be very responsible because no data was lost. The information is stored securely that has already been provided. The website has been pulled down until such time as people's information can be safeguarded and can be protected and when that happens, it will be restored. David.

DAVID KALISCH:

People would not be surprised that the ABS and other agencies are subject to denial of service attacks. The issue yesterday was that they were identified and they were managed. They were managed with our risk management plan and with the strategies that we had in place. I didn't think it was appropriate for me to signal that that was happening. Certainly the issue was that we had managed it effectively, the system was operating and people could submit their forms online.

QUESTION:

But how can you possibly say that it was not appropriate when you went out publicly with reassurances and clearly did not tell the public of significant events? And secondly, on this whole planning for a denial of service, yes you protected the data but the system has crashed and the whole thing has ended up something of a fiasco. Was adequate planning put in place?

DAVID KALISCH:

During the day there was no crash, as you call it. The protections in place worked.

QUESTION:

The events [indistinct]...

DAVID KALISCH:

There were a number …

QUESTION:

…[indistinct] …

DAVID KALISCH:

There were a number of inconveniences in terms of a few minutes that the system was not available. But we had seen, I suppose, the trajectory in terms of submissions of online forms that we expected. So, we were starting to build up and then during the night it got to that crescendo.

QUESTION:

Mr Kalisch, can I ask you, you referred on AM to a gap in the system identified by a third party to justify your decision to shut the system down. What was the gap? Is that the geo-location issue? Who was the third party that advised you to shut it down and how serious does the threat from that gap remain. And if I could also ask Mr MacGibbon, was this a state actor or were these school kids on computers, Mr MacGibbon or don't we know, don't we have a clue?

DAVID KALISCH:

I suppose that was explained by the Minister earlier, there were actually a confluence of events. So, it's not fair to talk about just one dimension. There were a number of aspects. So, there was the geo-blocking that didn't work effectively, there was a hardware router failure with also a supplier to us and the other issue was in terms of the performance monitoring system- the performance monitoring information that was throwing up some queries to us that we needed to investigate.

QUESTION:

And which third party told you about it?

DAVID KALISCH:

So, this was coming through our system in terms of the monitoring information and the intelligence that we have through IBM, that they were seeing that through another ISP that wasn't doing the geo-blocking and then the router failure that took place with Telstra.

QUESTION:

And Mr MacGibbon, if I could sharpen up on this point of the extent to which you know whether this was a state actor or just a school kid on a computer or who would have done this?

ALASTAIR MACGIBBON:

Attribution is always hard, particularly with the denial of service. By the very nature of it, you try to grab traffic from different locations. That is being investigated at the moment.

QUESTION:

When was ASD called in? Was it called in last night or only this morning?

MICHAEL MCCORMACK:

Maybe David Kalisch could …

DAVID KALISCH:

I'm just looking at my chronology but we have been working with ASD for some time in terms of when the denial of service attacks were taking place, I believe we spoke to them before lunchtime yesterday and they provided some advice to us and we asked whether they had any further intelligence that we should be aware of.

QUESTION:

Minister, can we just go back to Michelle's question there about was adequate planning put in place. Mr MacGibbon, you did say that the attack was no more significant than others against Government systems. Why then was- were you not prepared for what happened yesterday?

ALASTAIR MACGIBBON:

Well, I will start with saying why I said it's no more significant. Denial of service is just commonplace for frankly not just government, any big organisation online will suffer these attempts on a very regular basis. So, the Australian Government and all of its systems are constantly challenged for these things and the vast bulk of the time in the normal course of business, the denial of service is thwarted and there is no impact upon the operation of those systems. I think the point being made today is that there were a series of events that only by lining them up end on end led to the unfortunate circumstances of last night.

QUESTION:

So, [indistinct] were you prepared, were you prepared would you say then for what happened yesterday, given they were able- the system was shut down?

ALASTAIR MACGIBBON:

I will leave that to the ABS if that's alright.

MICHAEL MCCORMACK:

Well, I can say that, yes, the ABS was prepared, yes, the Government was prepared because the ABS has taken every responsible step to make sure that people's data, people's information was not able to be accessed by those who shouldn't have access to that information. And so they have taken the very cautious step and I would say a responsible step to make sure that that didn't happen.

QUESTION:

So, Minister McCormack, was or was this actually an attack? Because Mr Kalisch has just said again that it was [audio skip] attack twice and you said that this morning and then you've started off your press conference by saying it was not an attack. Why do you [indistinct] …

MICHAEL MCCORMACK:

[Interrupts] Well, I'm not using the word attack, I'm- and nor was it hacked because I feel by saying attacked, it looks as though and it seems as though and it is so that information was then gained. There was no successful attack. The ABS, in conjunction with IBM, closed the system down such that nothing was actually- been able to- been …

QUESTION:

[Talks over] So, it wasn't actually [indistinct] …

MICHAEL MCCORMACK:

… accessed, accessed by those who shouldn't have that information. So there was no hack. A hack is when somebody gets into a system, retrieves what they want and then uses it for malicious purposes. There was no attack, there was no hack and because that sort of information did not get out.

QUESTION:

Given that you are so sure, are you going to tell the Privacy Commissioner to call off the dogs. And also can you tell us at least where the majority of the traffic was coming from at the time of the major denial of service attack last night?

ALASTAIR MACGIBBON:

I can start if that helps. Yeah, most of the traffic was coming from the United States but that's not abnormal in denial of service because there are an awful lot of systems in the United States. So again, that's why the investigation needs to be undertaken to determine, if possible, who the actor or actors were. If I could just talk briefly about the concept of terminology used, I've spent the last 15 years trying to clarify with people that a denial of service is not a hack. It's not a breach, it's not a compromise, it's not an exfiltration of data. A denial of service is impeding the operation of servers and websites. That is what a denial of service is. And so as the Minister has said, there was no breach, there was no intrusion, there was no hack. This was a denial of service. The traffic was largely coming from the United States. That can vary a lot of course in denial of service which is why we need to work with our counterparts offshore to determine who it was, if possible but …

QUESTION:

[Interrupts] Doesn't this go to motivation and intention though and if the intention is to stop the Census working, isn't that in layman's language, an attack, whatever the language of the computing experts might be?

ALASTAIR MACGIBBON:

I don't want to get cute, it's certainly very frustrating absolutely. But I suspect that most people want to make sure that the information- the integrity of the information remains …

QUESTION:

Well, what do you think the motivation would be of the people trying to get in [indistinct]?

ALASTAIR MACGIBBON:

Clearly to cause frustration and I would say they successfully caused frustration. One thing I would say is that there was an awful lot of conjecture about the Census and its online activities and every time there is more of that conjecture, it increases the profile of the site. We see that in every single time, whenever we talk about a breach, when we actually talk about a successful compromise, we see people trying to compromise the system we talk about. It's the same with a denial of service, it's the same with any form of IT security. The more we talk about it, the more people decide to see if they are better than we are. In this case what I'd say is it almost ended up a draw. They managed to tip over some systems. The ABS made a decision to turn that website off in order to ensure that the data wasn't compromised. And again, I would say that the number one way in which Australians engage with the Australian Government is via the internet. We do this in a whole range of ways. I did internet banking this morning, significant information that I carry out online. It's not abnormal for us to be engaging online and do sensitive things. But there was a lot of conjecture about the ABS Census and we see the consequences of that conjecture.

MICHAEL MCCORMACK:

And if I can just conclude by saying it was better- it was deemed to be better last night to inconvenience Australians and to shut down the website than to compromise the data already collected and to compromise further data that may well have been collected during the period. So as I say, the ABS has apologised for this inconvenience but better to be safe than to be sorry and I want to reassure Australians that their data is safe.

I want to reassure Australians that they still do have time, many weeks in fact, to get online, to fill their paper forms out and to get them into the Australian Bureau of Statistics because it is important information which will help the Government, help governments of all persuasion to shape a better future for our nation, thank you very much.