Comments on: #census2016’s (slim) silver lining
https://www.policyforum.net/census2016s-slim-silver-lining/
The APPS Policy Forum a public policy website devoted to Asia and the Pacific.

By: Brad, Fri, 12 Aug 2016 07:37:51 +0000
https://www.policyforum.net/census2016s-slim-silver-lining/#comment-7405

This was not a security failure in any sense.

Initially, it was a complete lapse of judgement to outsource the project to anyone. Then there was a total failure to conduct a proper risk assessment, supervise the contractor, and finally to listen to in-house concerns – or the concerns of the Australian people.

This is textbook project management failure – and the failures are common to any project.

Then there was the actual execution and real-time mitigation of the issues arising on the 9th, which would have been trivial had either IBM or ABS planned properly in the first place. As reported, a 2Gbps DDoS, if it even existed in the first place – is a mere rounding error on a real attack.

The lack of redundancy, the lack of physical diversity, the obvious-to-anyone-that's-done-year-10-maths design rate of 250 transactions a second shows that everyone involved knew nothing about what they were doing.

Anyone with the slightest knowledge of deploying resilient online services is either laughing or crying about how ineptly this has been put together. How can the Government, with “Cyber Security Special Advisors” and $460k of testing get this so, so wrong?
