More than 130,000 malicious IP addresses were blocked during Census 2021: AWS

More than 130,000 malicious IP addresses were blocked to ensure no breaches or interruptions were experienced during what was deemed a successful Census 2021, according to Amazon Web Services (AWS).

In a blog post, AWS Oceania technology and transformation director Simon Elisha explained that AWS, together with PwC Australia and the Australian Bureau of Statistics (ABS), undertook “extensive DDoS tests” prior to Census 2021 to ensure all data would be secured, in addition to building a web getaway so that each Census form was validated before it was passed along to the ABS processing environment. 

“This included an independent security and compliance assessment against the Australian Government’s Information Security Manual, through an Information Security Registered Assessors Program (IRAP) assessment,” he said.

“All information collected in the digital 2021 Census service was securely stored in the AWS Sydney Region. It was also encrypted end-to-end, which means the information was scrambled and could not be read without the decryption keys, which were controlled solely by the ABS.”

PwC Australia was contracted to build 2021 Census on AWS cloud to avoid any embarrassing repeat of what occurred during Census 2016, when the ABS experienced a series of small DDoS attacks, suffered a hardware router failure, and baulked at a false positive report of data being exfiltrated which resulted in the Census website being shut down and citizens unable to complete their online submissions.

At the time, Census was running on-premises infrastructure procured from tech giant IBM.

Other testing the service underwent included ensuring it could meet extreme user demand at more than 2,000 times the expected peak workload, Elisha said. He said this allowed the platform to manage the 2.5 million people who submitted their forms on 2021 Census day, including when it hit peak period online at 8:06pm and about 142 online submissions were received per second and there were 249 logins per second.

Elisha also boasted that by building a cloud-based contact centre for ABS, it saved over 394,000 people from calling the Census contact centre to request a paper form. Instead, people who called were prompted by an automated agent to enter details such as their Census ID number and their postcode to be verified.  

“The Census Digital Service achieved high levels of security, reliability, and scale thanks to the serverless architecture built on AWS. The most important benefit of working with AWS is that ABS doesn’t have to worry about building and operating the underlying infrastructure, and ABS can focus on delivering a simple and easy experience for the people of Australia,” ABS CIO Steve Hamilton said.

Related Coverage

• Australian Bureau of Statistics ‘on track’ to avoid Censusfail 2.0 come August 10
• Censusfail: An omnishambles of fabulous proportions
• Australian 2021 Census preparation gets marginal pass mark from auditor