The Fascinating Case of the Australian Census
I must admit that as a performance engineer, I have been fascinated by the census website story here in Australia.
To simplify, the idea was that the entire population of Australia would fill its census form online on August 9th (although you could ask for a paper version). The website failed on the day of its release and has been unavailable for nearly 24 hours.
It was first assumed the load to be too high for the system to handle, but later reports suggested that several waves of DOS (denial of service) attacks were to blame. The fourth wave of attacks led the Australian Bureau of Statistics to close the website due to a possible security issue. We don't have much more to go on.
The taxpayer in me feels the cost of the census (I have read AUD9.6 million in the media) should have bought "me" a better customer experience.
However, the engineer in me cannot stop thinking about fixes and ways to help. It's all conjectures, after all we don't have many hard facts, and I can only go by my 15 years of experience in the industry.
I do have a lot of questions though:
- Was the application developed in a DevOps way with Continuous Integration and Continuous Deployment in mind? Was automated scaling considered and had it kicked in?
- Was testing automated from day one or was it all done towards the end? How accurate were the testing scenarios? How was the load modelled?
- How was security tested? How is security being monitored?
- Is there any sort of APM solution helping with performance monitoring and reporting?
- Did someone ring alarm bells and were they ignored?
I can only sympathise with the engineers trying hard to fix things right now, I am sure they would rather be enjoying a party to celebrate a successful release.
It's still a developing story but I think it will be an interesting case study as it was a website built for a specific purpose with a known maximum number of users, which to me made it more predictable than e-commerce websites I have worked on over the years.
Associate Professor, Research Leader/Founder, Research Cluster of Digital Inequality and Social Change (RC-DISC)
8 年The ACSC Threat Report 2015 (https://www.acsc.gov.au/publications/ACSC_Threat_Report_2015.pdf ) clearly showed with an example of a Case study (p.18) about possible DDos attack in similar cases of ABS. Unfortunately we don’t learn or give much emphasis on case studies as well as research….
Senior Technical & functional Business and Process Analyst Med-Large digital transformations, stakeholder management, process improvements
8 年I blame it on the project/functional scope, a project of this size should have had risk analysis,assumptions and flexibility. Looks like the login code was not tied to security and load balancing either.
Account Director driving complex transformation initiatives for the Victorian Government
8 年Romain Bigeard they need the team from Avocado Consulting to step in and use our performance experience to help them!
Entrepreneur, AI Whisperer, digital specialist, innovator, design thinking & agile enthusiast with senior experience working across corporate, government, small business and startups.
8 年Well said. I wrote an analysis yesterday you might find interesting. Just posted it into LinkedIn today - https://www.dhirubhai.net/pulse/censusfail-what-abs-did-well-didnt-other-agencies-should-thomler?trk=pulse_spock-articles