I think it is now safe to say that, technically at least, #CensusFail has peaked, with the ABS and IBM successfully restoring most access for the Census 2016 site.
Increasingly it appears that there was no large denial of service attack on the ABS, just a cascading series of issues which made the Census service vulnerable to demand peaks, with perhaps a small attack being sufficient to drive it over the edge.
The repercussions and fallout for the incident will occur for a long time. Several official reviews are already in motion, all of IBM’s advertising in Australia remains offline, and the ABS has not changed its engagement and communications course in any perceivable respect.
Answers need to be more forthcoming
The ABS is likely to be feeling the initial impacts of the next demand spike — not of Census traffic, but of Freedom of Information requests, with journalists, privacy advocates, IT experts and others all interested in understanding what decisions were made, where and by whom.
Hopefully the ABS will scale its capability effectively, unlike the Census experience, or take the high road and proactively release information, including server logs (anonymised of course) that allow external parties to understand the progression of events and clarify what occurred and the good work the ABS did to protect the data of Australians (their key commitment) throughout the incident.
The real risk now is that politicians and ABS management will try to switch back to business as usual too quickly, answering to official enquiries about the incident but refusing to answer to their real owners — Australian citizens. There’s a tendency in most organisations to spring back into normal operations to quickly after a crisis, forgetting that the collective external memory is often longer than insiders expect.
Staying the course on digital transformation
The consequences of #CensusFail are likely to have ripples affecting every major government IT project, significantly reducing political and public trust in digital initiatives by many federal agencies, as well as impacting on state and local government initiatives.
In many other digital projects politicians and citizens will ask for additional safeguards to protect against a potential #CensusFail, no matter how unlikely it may be. This will add cost and time to these projects, pushing up IT expenditures at a time when budgets are being cut, causing agencies to delay and defer the more expensive or ambitious projects and attempt to keep limping along on existing infrastructure for just a year or two more.
In extreme cases this may increase risk, with already old systems pushed beyond their commercial lifespans, in broader cases it will harm innovation and cause governments to fall further behind their peers elsewhere in the world.
This seems a bleak picture, but I don’t blame the ABS for this. It is a consequence of the lack of political IT expertise we continue to see across many Australian governments and of the risk-averse cultures that continue to flourish across governments despite the increasing downside risk of this stance.
It takes a long time to turn a big ship, and in this instance the ship is Australia. We are not educating our children or adults adequately to master a digital world and we do not have the level of IT knowledge or capabilities we need as yet to sustain a first-world infrastructure.
This flows through our corporations, our public service and our political leadership and it cannot be solved by the import or outsourcing of expertise.
I wish the ABS well in rebuilding their reputation following #CensusFail. In five years when the next Census is held the organisation will still be dealing with the fallout from 2016.
This article was first published on Craig Thomler’s blog eGov AU.