When last year’s eCensus became the target of a Distributed Denial of Service (DDoS) attack, the Australian Bureau of Statistics needed to brace itself for scrutiny and analysis of what went wrong for a long time to come.
Following the attack, it was found that the Bureau’s relationship with IBM, which was hired to develop the eCensus, left the system vulnerable to potential cyberattacks, leading to a public backlash, most prominently under the Twitter hashtag ‘#censusfail’.
And that was the subject of a panel discussion at the eGovernment forum at CeBIT Australia in Sydney on 24th May, hosted by one of Ovum’s leading public sector analysts Kevin Noonan, whose colleague Al Blake has written extensively about the eCensus debacle on GovNews.
The panel included Senior Adviser Cyber Policy, Department of Prime Minister and Cabinet, Jacob Boyle; Deputy Director Information Systems and Services / CIO, Bureau of Meteorology, Dr Lesley Seebeck; and Executive Director, Policy and Innovation, Department of Finance, Services and Innovation, Dawn Routledge.
A big part of the discussion was about the data associated with the Census, and how the public can trust the government with its sensitive information if it continually proves to be at risk of being hacked by malicious outsiders.
But GovNews redirected the discussion toward the procurement aspect, and asked the panel about the finding, in the federal government’s official review into the incident, of an ‘overly cosy’ relationship between the ABS and IBM.
The mood of the panel was very much in favour of stronger and more ethical procurement practices that favour governments widening their horizons by looking at what other, smaller and more innovative vendors may have to offer in their services to government.
In regard to the IBM relationship, Mr Boyle said “you can’t outsource risk” – “You still bear the risk; departments, governments, organisations do bear the risk.
“You’ve got to know what questions to ask when you’re sourcing these kinds of services of suppliers, you’ve got to know where’s your critical data, what are your critical points, where are your vulnerabilities in the grand scale of what you think you know and where should you focus that effort, and you need to ask will it actually work and how do you mitigate those risks?” Mr Boyle said.
In reference to the relationship between buyers and vendors, Dr Seebeck said you may not be able to outsource risk but you should be able to share it.
“If we’re going in for a major procurement project as briefed by government and the taxpayer, I want to make sure whoever we get will assist us, because we can’t do it all by ourselves,” Dr Seebeck said.
Ms Routledge offered a more generic view of ICT procurement from her own perspective in NSW, saying the government has spent a lot of time reforming procurement, trying to “reduce that friction” and to make it easier to do business with government.
“But [also to] ensure that value for money and strong ethical frameworks remain in place, but making it easier to have an open dialogue in that context, focusing on trying to solve a problem, rather than going through 20,000 lines of requirements that we want you to build for us even if there’s a better way,” Ms Routledge said.
Echoing Mr Boyle, she said it’s encouraging collaboration by broadening that supply chain to include more “innovative businesses”.