“In the event, everything ran smoothly even though there were slightly less than one billion cyber attacks on our Census digital system on Census day, 10 August 2021,” Gruen said. Gruen was shedding light on ABS’s approach to cybersecurity in the wake of a string of cyberattacks targeting some of Australia’s biggest companies, including Optus, Medibank, and Dialog Group.
A Barrage of Attacks
While news of the nearly one billion attacks in a day paints a bleak picture of cybersecurity in Australia, the fact that the Bureau of Statistics was able to predict and defend against the attacks speaks volumes. “On census day alone, we blocked 308,735 malicious connections, and on investigating that, we blocked 130,000 IPs,” an ABS spokesperson said. Australia’s censorship bureau is not a stranger to cyberattacks. In 2016, the government had to take its first digital census offline for 40 hours due to DDoS attacks. “We haven’t eliminated all cyber risks – unfortunately, that’s an impossible goal. But we take data security very seriously and we have a multi-faceted approach that requires the continual attention of senior management,” Gruen said. Meanwhile, Australia’s cybersecurity minister Clare O’Neil said cyberattacks are now part of a new reality. “And this is the new world that we live in. We are going to be under relentless cyber-attack, essentially from hereon in,” she said.
‘Wake-up Call’
The recent cyberattacks in Australia have generated concerns about the country’s cybersecurity provisions. In 2020, the country pledged to spend A$1.66 billion ($1.1 billion) to strengthen national cybersecurity. With China-based actors such as “Red Ladon” increasingly targeting the isolated continent of Australia, the nation also put forward a A$10 billion ($7.5 billion) security spending package dubbed “REDSPICE” (Resilience, Effects, Defense, Space, Intelligence, Cyber Enablers) in March that also addresses national cybersecurity. Such events are a “wake-up call” for Australia, the Department of Finance Secretary Jenny Wilkinson told the Institute of Public Administration Australia’s national conference in Canberra on October 13. “Cyber security is essential. It’s not optional,” she said.