Measures to repel the sort of denial of service attacks that left the Census website in meltdown were not in place, Malcolm Turnbull has revealed.
A clearly frustrated prime minister admits there were "serious failures" with the national survey, which was conducted on an opt-out online basis for the first time by the Australia Bureau of Statistics (ABS).
"My calm demeanour on your radio program is disguising the fact ... that I too am very angry about this. I am bitterly disappointed about this," he told Alan Jones on 2GB radio on Thursday morning.
Denial-of-service attacks were "absolutely commonplace, highly predictable" and inevitably going to happen to the census website.
"Measures that ought to have been in place to prevent these denial of service attacks interfering with access to the website were not put in place. That is a fact," he said.
"That was a failure. That was compounded by some failures in hardware ... and inadequate redundancy.
"These failures have been rectified at my direction, the government's direction, under the supervision of the Australian Signals Directorate."
Yesterday, Small Business Minister Michael McCormack and ABS chief David Kalisch pinned the blame for the ABS' decision to take down its Census website on Tuesday night on a confluence of events, which included the geoblocking measures put in front of the site failing, and a hardware failure in a router.
Turnbull said there were "clearly very big issues" for IBM, who won the almost AU$10 million tender in 2014 to provide the systems for the Census, and the ABS to address, and they would be subject to a review.
"A denial-of-service attack is as predictable as the rain will fall one day or the sun will come up," Turnbull said.
He refused to say whether anyone will be sacked because of the fiasco but foreshadowed "very serious consequences".
He hopes the site will be back up and running on Thursday, as a review is undertaken by the government's cybersecurity advisor Alistair MacGibbon.
"The review and which heads will roll where and when is something that will follow."
Turnbull, who had tweeted the census was very easy to fill-out just before the website was taken down, said he was not made aware of the problems until after 8pm on Tuesday.
Labor frontbencher Jim Chalmers said it was "pretty pathetic" of the prime minister to blame the ABS when the problem was a failure of leadership.
"Now there's ... unseemly finger pointing that's happening after the event when really what people expect from the prime minister is to take a bit of responsibility," he told ABC radio.
Labor frontbencher Andrew Leigh yesterday labelled the 2016 Census as the worst-run in Australian history.
"The government should have been preparing for this. It's not like the Census comes out of the blue and catches you unaware," he said.
"One of the worst IT debacles Australia has ever seen."
"They've failed to adequately manage the risks; bringing to Government a sort of startup culture rather than a careful, methodical approach which would have seen Australians be able to fill in their Census last night."
Special Adviser to the Prime Minister on Cyber Security Alastair MacGibbon said the incident was not a defeat for the ABS, and the result of conjecture about the Census.
"The more we talk about it, the more people decide to see if they are better than we are," he said.
"In this case what I'd say us, it almost ended up a draw."
"They managed to tip over some systems."
MORE ON CENSUS 2016
- Census 2016 among worst IT debacles in Australia: Labor
- Telstra denies involvement in Census stuff up
- Australian government pins Census collapse on geoblocking failure and overloaded router
- ABS blames Census 2016 site failure on DDoS attack
- Shorten calls for post-Census review as OAIC remains satisfied
- ABS quietly drops Census data security claim
- ABS tells Australian government there will be no Census data breaches in future
- Census privacy risks are not what they seem
- Australian online Census name fields restricted to ASCII printable characters