The Special Adviser to the Prime Minister on Cyber Security, Alastair MacGibbon, has made multiple criticisms of the Australian Bureau of Statistics over its handling of its IT contract for the 2016 census, which led to the disastrous shutdown of the ABS website on census night.

MacGibbon, who two weeks ago handed his report on the census night shutdown to the Prime Minister, was giving evidence to the Senate Economics Committee’s hearing into the debacle, speaking after appearances by first IBM, the primary contractor, and then the ABS. IBM opened with an apology for the site crash, while the ABS insisted its only misjudgments were in relation to areas such as better communication.

[You’ve decided to boycott the census. Now what?]

However, MacGibbon made multiple criticisms of the ABS, noting that it had failed to properly interrogate IBM’s plans for dealing with a denial of service attack on the ABS site, and failed to spot that its “Island Australia” plan (geoblocking so that traffic from overseas would be unable to reach the ABS site) to respond to DOS attacks had a major flaw in it, in that a key part of the census site relating to password resets was itself hosted offshore.

He also suggested the ABS had failed to take a more rigorous approach to IBM and the services it had contracted for. IBM received the contract for the census without an open tender process; MacGibbon suggested the ABS displayed “vendor lock-in” by handing the contract to the company. If the ABS had shown more rigour in its dealings with IBM, MacGibbon said, it would have “found the hole” in its “Island Australia” strategy. He also repeatedly noted that the DOS attacks on the ABS site were small enough that they should have been easily handled by the site.

[The problem is not the census, it’s government going digital]

Earlier, the ABS had offered a Pollyannaish account of the census process, insisting that its overall response rate was far above the 2011 census, saying that any failings were the fault of IBM and its contractors and rejecting criticism of its failure to go to open tender. The Chief Statistician and his senior executives appeared to be unfamiliar with the Commonwealth Procurement Rules when they were asked about the process they had undertaken before handing the contract for IBM.