Outsourcing risk: lessons learned from eCensus procurement

By May, 2017 August 31st, 2017 Federal, ICT
CeBIT panel discusses the fallout from last year's eCensus debacle, sparking suggestions that ICT procurement practices need to broaden.

Hosted by Ovum analyst Kevin Noonan, CeBIT eGovernment panel including (from left to right) Dawn Routledge, Jacob Boyle and Lesley Seebeck.

When last year’s eCensus became the target of a Distributed Denial of Service (DDoS) attack, the Australian Bureau of Statistics needed to brace itself for scrutiny and analysis of what went wrong for a long time to come.

Following the hack attack, it was found that the Bureau’s relationship with IBM, which was hired to develop the eCensus, left the system vulnerable to potential cyberattacks, leading to a public backlash, most prominently as a Twitter hashtag ‘#censusfail’.

And that was the subject of a panel discussion at the eGovernment forum at CeBIT Australia in Sydney on 24th May, hosted by one of Ovum’s leading public sector analysts Kevin Noonan, whose colleague Al Blake has written extensively about the eCensus debacle on GovNews.

Included in the panel was Senior Adviser Cyber Policy, Department of Prime Minister and Cabinet Jacob Boyle; Deputy Director Information Systems and Services / CIO, Bureau of Meteorology Dr Lesley Seebeck; and Executive Director, Policy and Innovation, Department of Finance, Services and Innovation Dawn Routledge.

A big part of the discussion was about the data associated with the Census, and how the public can trust the government with its sensitive information if it continually proves to be at risk of being hacked by malicious outsiders.

But GovNews redirected the discussion toward the procurement aspect, and asked the panel about the finding in the federal government’s official review into the incident, finding an ‘overly cosy’ relationship between the ABS and IBM.

The mood of the panel was very much in favour of stronger and more ethical procurement practices that favour governments widening their horizons by looking at what other, smaller and more innovative vendors may have to offer in their services to government.

In regards to the IBM relationship, Mr Boyle said “you can’t outsource risk” – “You still bear the risk; departments, governments, organisations do bear the risk.

“You’ve got to know what questions to ask when you’re sourcing these kinds of services of suppliers, you’ve got to know where’s your critical data, what are your critical points, where are your vulnerabilities in the grand scale of what you think you know and where should you focus that effort, and you need ask will it actually work and how do you mitigate those risks?” Mr Boyle said.

In reference to the relationship between buyers and vendors, Dr Seebeck said you may not be able to outsource risk but you should be able to share it.

“If we’re going in for a major procurement project as briefed by government and the taxpayer, I want to make sure whoever we get will assist us, because we can’t do it all by ourselves,” Dr Seebeck said.

Ms Routledge offered a more generic view of ICT procurement from her own perspective in NSW, saying the government has spent a lot of time to reform procurement and trying to “reduce that friction” and trying to make it easier to do business with government.

“But [also to] ensure that value for money and strong ethical frameworks remain in place, but making it easier to have an open dialogue in that context, focusing on trying to solve a problem, rather than going through 20,000 lines of requirements that we want you to build for us even if there’s a better way,” Ms Routledge said.

Echoing Mr Boyle, she said it’s encouraging collaboration by broadening that supply chain to include more “innovative businesses”.

Jump Forward to new podcast series from GovNews!

| ICT, Jump Forward | No Comments
Listen for FREE for our latest talks on the latest issues relating to government.

Meet the game-changing women fighting the war on waste

| Local, Sustainability | No Comments
Local government's frontline of committed waste warriors.
Cybersecurity firm Kaspersky will open a new Transparency Center in Malaysia inviting governments and companies to inspect source code for greater trust.

Source code inspection means trust in cybersecurity

| ICT | No Comments
Inviting governments to review the nitty gritty.
Filming begins on Godzilla vs Kong on the Gold Coast as Queensland government ramps up excitement for millions of dollars in tourism income.

Godzilla vs Kong rolls cameras in QLD

| Entertainment, State | No Comments
Sunshine State expecting roaring tourism returns.