By Rob Taylor 

CANBERRA, Australia -- International Business Machines Corp. is negotiating a settlement with Australia's government over a bungled effort to oversee the country's first online census, senior executives said Tuesday.

The Australian Bureau of Statistics paid IBM 9.7 million Australian dollars (US$7.4 million) to oversee technical preparations and software used for the census, which was knocked offline for 40 hours on Aug. 9 following a series of small-scale distributed denial-of-service attacks from an unidentified location overseas.

Kerry Purcell, managing director of IBM's operations in Australia and New Zealand, told a parliamentary inquiry looking into the matter that subcontractor NextGen Networks was mainly responsible for the failure that knocked out the census website, along with internet service provider Vocus Communications.

But IBM accepted responsibility as the prime contractor, he said, and had begun talks with Australia's Treasury Department on a confidential settlement over the outage, estimated to have cost Australian taxpayers at least A$30 million.

"We are looking to constructively resolve the matter as soon as possible," Mr. Purcell said. "I am confident we'll be able to achieve some kind of outcome in the very near future."

In tendering for the census in 2014, IBM promised its eCensus software and online preparations would be "highly resistant to web application security attacks." The company also said faults would be resolved within 30 minutes. Australia's census didn't come back online for three days.

Mr. Purcell and another IBM executive, Permenthri Pillay, rejected accusations from one investigating lawmaker, Sen. Jane Hume, that Australia had been a "crash-test dummy" for a digital census process to be used as a partial model by Canada, the U.K. and the U.S., as those countries also moved their surveys online.

"I would suggest that Australia is leading the way and being a leader in the digital agenda," Ms. Pillay said.

Australian Prime Minister Malcolm Turnbull ordered the investigation into attacks and singled out IBM early on for failures that could dent confidence in efforts by the company to manage census processes in other countries.

In a denial-of-service attack, an online attacker typically attempts to overwhelm a network by flooding it with information. A distributed denial-of-service attack involves traffic from multiple sources.

Australia's chief statistician, David Kalisch, told lawmakers last week that the census failure had cost tens of millions of dollars to resolve as officials worked to restore access and public confidence.

"The Australian Bureau of Statistics made a number of poor judgments in our preparation for the 2016 Census that led to the poor service experienced by many households," Mr. Kalisch said.

IBM confirmed that there were four DDoS attacks, the first occurring at 10:10 a.m. and the last at 7:27 p.m., at which point the census website was taken offline. While apologizing "unreservedly", the company said no personal census data had been compromised or stolen.

The majority of the traffic came from Singapore, the company said, with IBM engineer Michael Shallcross telling lawmakers that Australia-based NextGen and Vocus Communications failed to introduce agreed-upon protocols to block intrusions from offshore, under a geoblocking strategy called "Island Australia."

Mr. Purcell said no one within IBM had been fired or disciplined over the failed process, while Vocus Communications said in its own submission to lawmakers that IBM alone was to blame.

"The cause of the census website being unreachable was IBM employee's [sic] falsely identifying normal traffic patterns as data exfiltration, and manually turning off their Internet gateway routers," the Vocus submission said. "The IBM submission that Vocus had committed is inaccurate as Vocus was not, prior the fourth attack, advised of Island Australia."

Alastair MacGibbon, the prime minister's special adviser on cybersecurity, had previously told lawmakers that most of the cyberattacks came via the U.S., although it was unclear if the disruptions originated there.

Privacy was a widespread concern leading up to the census, in online and paper versions, after the statistics bureau and the center-right government announced plans to collect and store identifying information of about 24 million Australians, including names and dates of birth, household incomes and religious beliefs.

Australia has been frequently targeted in cyberattacks, including the attempted hacking of the country's weather bureau last December, thought by officials to have originated in China. But other attempts have been blamed on online privacy activists.

Write to Rob Taylor at rob.taylor@wsj.com

 

(END) Dow Jones Newswires

October 25, 2016 01:52 ET (05:52 GMT)

Copyright (c) 2016 Dow Jones & Company, Inc.