Cyber Incident Victim: Fire Rescue Victoria
Date:
Dec 2022
Location:
Australia
Summary
Fire Rescue Victoria experienced a widespread IT outage affecting critical systems including dispatch, network, and email services, forcing operations to shift to manual communication methods such as mobile phones, pagers, and radios. The disruption was later confirmed as a cyber attack by an external third party, prompting collaboration with cybersecurity specialists and government partners to mitigate impacts while maintaining emergency response capabilities; community safety remained unaffected, with crews continuing deployments via alternative processes and emergency calls handled as usual.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 14, 2022, Fire Rescue Victoria (FRV) experienced a significant disruption to its IT and communications infrastructure, first detected around 5:00 AM. The agency proactively shut down its computer dispatch system, email services, and network operations as a precautionary measure following indications of system compromise. Acting Commissioner Gavin Freeman stated during a press conference that FRV had not yet determined the cause but explicitly refused to rule out a cyber attack, emphasizing the investigation remained in its early stages. Emergency response operations transitioned immediately to manual protocols, utilizing mobile phones, pagers, and radios to maintain dispatch capabilities. FRV publicly assured Victorians that fire crews and appliances continued to be deployed normally, with no expected impact on emergency response times. The organization advised residents to contact Triple Zero (000) as usual during the outage and projected reliance on manual systems for three to four days while restoration efforts continued. Initial public communications via social media on December 14 confirmed ongoing tech issues while maintaining that community safety remained unaffected.
By December 15, FRV confirmed through preliminary investigations that the outage resulted from a cyber attack conducted by an external third party, affecting most operational systems including network infrastructure, email communications, and computer-aided dispatch. The agency engaged specialist cybersecurity firms and collaborated with state and federal government partners, including the Australian Cyber Security Centre, to address the incident. FRV acknowledged the United Firefighters Union's assistance in implementing alternative processes to sustain emergency operations during the disruption. No data theft or specific attacker details were disclosed in available communications. Throughout the incident, FRV maintained that manual dispatch workarounds effectively preserved community safety and emergency response continuity, with no reported operational failures or service degradation. Restoration timelines and technical specifics regarding the attack vector remained undisclosed in the immediate aftermath.