Vic govt overhauls road camera security after WannaCry

The Victorian government will overhaul the state’s network of speed and red-light cameras in response to an investigation into a 2017 outbreak of WannaCry ransomware.

The government said it had accepted all the recommendations made by Road Safety Camera Commissioner John Voyage.

Voyage confirmed the findings of his interim report that WannaCry had not affected fines issued by the cameras.

“The independent commissioner has confirmed the WannaCry virus had no impact on the network,” police minister Lisa Neville said.

“We’re not only taking action to strengthen the network’s cyber security, but also our management operations so that it is protected against any future threats,” the minister said.

The government said it had already “taken early actions to improve the cyber security protocols to tighten the network so cameras are protected against the introduction of viruses from individual machines”.

Victoria Police in June 2017 said they would cancel fines that were based on evidence gathered from WannaCry-infected cameras.

Voyage in July 2017 issued his interim report that concluded WannaCry had not affected the cameras’ operations.

Victoria’s Fixed Digital Road Safety Camera (FDRSC) network comprises cameras operated by Redflex, Gatso and Jenoptik. WannaCry infected some 43 Redflex-operated Camera Control Units (CCUs) and 67 Jenoptik Site Controllers.

The ransomware is believed to have been introduced to the network by an infected USB drive.

Different elements of the camera network rely on Linux, Windows XP and Windows 7, with only the Windows 7 systems affected by the malware outbreak.

The Redflex CCUs ran Windows 7. The infected Jenoptik Site Controllers similarly ran Windows 7 (the Site Controllers are separate from the Jenoptik camera and detection units, which run on Linux).

The government said that implementing the commissioner’s recommendations would be the purview of a new division within the Department of Justice and Regulation. The government said it would appoint an “independent specialist organisation to oversee the reconfiguration of the network’s security.”

It will also review the powers of the Road Safety Camera Commissioner, establish a “reference group between contractors and stakeholders to continuously work towards strengthening our network before issues occur” and tighten security “so external viruses cannot spread within the network.”