Cyber Incident Victim: Informační systém stavebního řízení
Date:
Mar 2025
Location:
Czechia
Summary
Informační systém stavebního řízení experienced a partial outage caused by a DDoS attack on its technological bypass, which links older local systems with the newer digital platform launched earlier. The attack flooded the bypass server with excessive requests, disrupting service for building authorities and related agencies. Operators restored full functionality later that day and resumed the planned rollout of the bypass to additional offices, although the incident delayed the deployment schedule. Ongoing issues with the digitalization effort have prompted a new procurement process, with a completely tested replacement system anticipated for the future, while the bypass remains in use during the transitional period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Tuesday, 18March 2025, the Informační systém stavebního řízení experienced a partial service disruption caused by a distributed denial‑of‑service (DDoS) attack targeting the technological bypass that links the locally used legacy systems of building offices with the new digital platform launched in July 2024. The attack flooded the bypass server with a large volume of queries, rendering it unavailable and affecting the ability of building offices and related authorities to process permit requests through the system. According to the spokesperson of the Ministry for Regional Development, Karolína Nová, the outage was repaired and full functionality restored by Thursday evening, 20 March 2025. Following the restoration, the ministry announced that the scheduled connection of additional building offices to the bypass would resume according to the original timetable.
The technological bypass was introduced to bridge the gap between the older local systems that building offices had used prior to digitalization and the new digital system that went live at the start of July 2024. From its inception, the new digital platform had been reported to suffer from operational problems, prompting complaints from office staff, builders, and designers. Deployment of the bypass began in mid‑January 2025, with the minister for regional development, Petr Kulhánek, stating that all 652 building offices were expected to be able to connect to the bypass by the end of March 2025. The DDoS attack on 18 March forced the postponement of the bypass rollout on some offices, as noted in an earlier statement from the ministry. Despite the interruption, the bypass remained the designated transitional solution for building offices while work on a completely new digitalization system continued.
In response to ongoing difficulties with the digitalization of building permitting, Prime Minister Petr Fiala dismissed the former minister for regional development and deputy prime minister for digitalization, Ivan Bartoš, in September 2024, a move that led to the Piráti party shifting to opposition. The government subsequently decided not to pursue further development of the existing system and issued a new tender for a replacement. According to the ministry, a fully tested and complete new digitalization system for building permitting is projected to be ready by 2028. Until that date, the transitional period will allow building offices to continue using the technological bypass for their permit processing needs.