The ABS’s plan to safeguard Australia’s 2021 census

The Australian Bureau of Statistics is taking unprecedented action to protect the integrity of this year’s national census, revealing to CSO Australia it’s determined to avoid a repeat of the DNS attack in the 2016 census.

“The ABS anticipates greater cyber threats to the census in 2021 than previous years,” a spokesperson for the data agency said. “In response, we have significantly increased our security protections, security testing and assurance, and detection capabilities for the census.”

Working in tandem with the Australian Cyber Security Centre (ACSC) and Digital Transformation Agency (DTA), the ABS has created a 24/7 Security Operations Centre designed to monitor census systems and provide real-time alerts on potential security issues. It’s also undertaken “rigorous testing” including ethical hacks to ensure systems are robust, in consultation with independent third-party security assessors.

The ABS told CSO Australia it has been working closely with various counterparts abroad over the last five years to better understand how other agencies are handling cybersecurity. “Ahead of the 2021 census, we have undertaken extensive planning, testing, and assurance activities to protect against cyberattacks,” the spokesperson said. “This includes working with our government partners and engaging with our census colleagues in the US, UK, and Canada, all of whom have recently conducted successful censuses.”

The ABS said it’s also increasing action and community engagement to better protect citizens from the rising incidents and sophistication of cyberscams such as fake websites and phishing. “We are working with our government partners to identify and take down websites attempting to defraud or steal the identities of citizens.”

The revelations come as the Australian federal and state governments confront public dismay at a litany of cybersecurity breaches and systems failures over the past few years. These have included the failure of the MyGov website in early 2020 as people scrambled for relief payments to buffer against the first wave of the COVID-19 pandemic. Originally blamed by the government on a DNS attack, the MyGov crash was later attributed to a failure in internal systems.

The census will ask Australian citizens a range of questions, taking a snapshot of everything—income, marital status, spiritual persuasion and more—as of 10 August 2021. It’s a crucial store of data informing planning and funding for schools, roads, hospitals, and other important public services.

The government’s increased commitment to protecting the census from malicious actors comes amid a sharp increase in cyberattacks since the onset of the pandemic in March 2020, and as the government is still smarting from the backlash over the 2016 attack.

Then special cybersecurity advisor to the prime minister, Alistair MacGibbon made the call to close down the 2016 census to “ensure the integrity of the data” in the face of an attack identified as coming from offshore. “The impact in terms of trust and confidence, the impact in terms of the ability of government to deliver services, will last for a significant period,” he was quoted by CIO Australia at a security conference shortly after the attack.