RBA reveals plans for ‘data bunker’


The Reserve Bank of Australia (RBA) has called upon industry to help it build a data safe house to boost resilience in the event of data loss or corruption incidents.

The RBA will invest up to $1 million to develop its data sequestration system, or ‘data bunker’, to protect critical information assets from system outages, corruption of the bank’s primary data store, denial of service attacks “or other similar nefarious actions”.

The contracted systems integrator will be required to design and implement the data bunker, as well as develop operational procedures, policies and tools, and support for the first 12 months of its operation, tender documents reveal.

As nation’s central bank, the Reserve stressed the criticality of its services to the functioning of Australia’s payment systems, which “require the provision of ‘continuously available’ and ‘highly available’ externally facing technology services”.

The RBA says it holds “one of the clearest and strongest mandates in the world in relation to payments systems”, maintaining a key operational role in Australia’s banking system through its direct management of the Information and Transfer System (RITS) – the real-time gross, or high-value, settlement system used widely by Australian banks and payments services providers.

The Reserve, despite its established credentials as one of Australia’s most cyber-secure data houses, is indeed no stranger to unforeseen system downtime and malicious hacks. In August 2018, it faced a dual shock of a widespread power outage that subsequently triggered a barrage of automated AI-powered bots bearing down on its systems.

At the time, the Bank experienced a complete shutdown of all primary and back-up power supplies within one of its data centres, caused, according to RBA chief information officer Gayan Benedict, by the incorrect execution of routine fire control systems testing in the data centre by an external party.

The shutdown reportedly struck all of the Reserve’s backend systems, including RITS.

The Reserve, however, revealed no evidence of data loss as a result of the shutdown and subsequent attempted attack.

Last year, an audit by the Australian National Audit Office ranked the RBA one of the most cyber-secure federal agencies in the country.

Applicants for the ‘data bunker’ tender must prove “expertise, a proven track record and existing material in the design and implementation of managed data centre-based solutions”.

Tenderers must be both Oracle Platinum and Microsoft Gold partners and be able able to service: Oracle databases with data remotely replicated from on-premise systems; cloud-based solutions that include SQL server instances with data remotely replicated from on-premise systems; and the establishment of foundational capabilities to support and manage cloud-based solutions.

More information on the RBA’s request for tender can be found here.