[LINK] ABS Tries to Blame IBM for 2016 Census Problems

[Christian Heinrich]

Stephen,

On Tue, Sep 27, 2016 at 1:21 PM, Stephen Loosley
<stephenloosley at zoho.com> wrote:
> The ASD also signed off on the design for the census and the Bureau conducted live
> tests, had load balancing put in place and hired penetration testers.

Did ABS name the "penetration testers"?


On Tue, Sep 27, 2016 at 1:21 PM, Stephen Loosley
<stephenloosley at zoho.com> wrote:
> http://www.theregister.co.uk/2016/09/23/ibm_botched_geoblock_designed_to_save_australias_census/

On Tue, Sep 27, 2016 at 1:21 PM, Stephen Loosley
<stephenloosley at zoho.com> wrote:
> A July 2016 Risk Management Plan specified that IBM would be responsible for DDoS
> protection, “with ISP measures of Island Australia (geoblocking international traffic) a
> key measure.” Or in other words, traffic from offshore would be blocked.
>
> The ABS later “received various assurances from IBM about operational preparedness
> and resilience to DDoS attacks”. The Bureau also conducted meetings with signals
> intelligence agency, the Australian Signals Directorate (ASD), to assess the risks the
> census faced, including DDoS. It came away from that meeting feeling that no “... new
> areas of concern were raised, nor were there any suggestions of potential mitigations
> or additional preparations that were not pursued.”

On Tue, Sep 27, 2016 at 1:21 PM, Stephen Loosley
<stephenloosley at zoho.com> wrote:
> Section 9 analyses census night and the incidents that brought the census down and
> confirms that the site was taken down in response to a DDoS. By 9:15PM the ABS and
> IBM were both aware that geoblocking had failed, and why.
>
> The document goes on to say “ Investigations subsequently identified that IBM failed to
> properly implement geoblocking.”

Was IBM's geoip dataset from
https://www.maxmind.com/en/geoip2-services-and-databases
or another source?


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact