Newly-installed CEO of Services Australia Rebecca Skinner told the Senate Select Committee on COVID-19 on Thursday that myGov needed more capacity when it melted down under the weight of 3 million users on March 23, but it isn't prudent to anticipate one-off events.
"What we do know is that we needed a larger capacity on myGov, but it is probably right to say you wouldn't design a computer system to cope with three million logins at one time when the business as usual proposition is about 90,000," Skinner said.
"The cost of building a system that could cope with that one day wouldn't really be a balance of investment.
"What we do know is that we probably needed to ramp up quickly -- which we did -- by the end of that week the myGov platform was substantially more stable and able to cope with the larger numbers of logins."
Returning to the point later in the hearing, Skinner said myGov should have been able to cope better, but the system has handled loads much better since the incident and can now cope with 300,000 concurrent users. Once the peak loads of Monday and Tuesday passed, Skinner said traffic to myGov began to drop off.
Secretary of the Department of Social Services Kathryn Campbell clarified the timeline of myGov's capacity in relation to the events surrounding the instigation of shutting down parts of Australia's economy due to coronavirus concerns in late March.
"On the Friday before the very busy Monday the 23rd, myGov was rated to have 6,000 users. Over the weekend with the expectation that there would be announcements by the government around the payment changes, it was [upgraded] to 90,000 users," Campbell said.
"We discovered on Monday 90,000 was not enough, and then they very quickly upgraded to 300,000."
Due to the influx of users, Services Australia received a number of distributed denial of service (DDoS) alerts, which led to Minister for Government Services Stuart Robert blaming MyGov's inability to cope on a DDoS attack. Robert later revealed there was no such attack.
Under questioning from Labor's Senator Murray Watt, Skinner said Services Australia had not advised its minister that a DDoS attack had occurred.
"Services Australia advised the minister that the denial of service alarms had gone off on the network, and that we had in past times they had been -- we were in an environment where denial of service attacks may have been expected," Skinner said.
"The alarms on our network had gone off though because of the extreme demand on the system, and we had to do an investigation as we did with every time the denial of service alarms went off. We would investigate whether that was a denial of service attack, and we'd engage the Australian Cyber Security Centre each time."
Watt pressed for a more direct answer, asking the Services Australia CEO whether it had categorically advised of a "hacking attempt".
"Not categorically, Senator, and he corrected himself in the House," Skinner said.
Services Australia also said during the hearing that it has redeployed 1,275 people from its debt and compliance section to support the processing work of payments made related to the government's coronavirus response, and that it would look into whether it would keep its temporary fully online identification processes in a post-COVID world.
"These opportunities often give us the chance to try some different things, make sure that they are backed in and supported, and we can move forward," Campbell said.
"So we will be looking at all those opportunities to enhance our service delivery and the experience of the citizen and engaging with the system [and] ensuring integrity."
Earlier this week, the Australian government once again failed to cater for surge capacity in its IT systems, as its COVIDSafe app fell over as Australians rushed to register. The backend for the app is hosted on AWS infrastructure.
As of Wednesday evening, over 3 million Australians have installed the app since Sunday, Health Minister Greg Hunt tweeted.