The Public Prosecution Service of the Netherlands said on August 5 it would begin a phased relaunch of its systems after a cyberattack that exploited Citrix vulnerabilities. The incident, which began on July 17, did not directly compromise speed cameras but hindered their reactivation nationwide.
Local reporting cited by Leeuwarder Courant indicates that dozens of speed cameras remain offline following the initial system compromise.
The Central Processing Office (CVOM) confirmed the ongoing issues to local media but would not disclose how many cameras are inactive or their exact locations, citing security concerns.
Experts say at least three types of cameras are affected – fixed speed cameras, average speed cameras, and flex speed cameras, which are mobile and relocated periodically – primarily on A roads (motorways) and N roads (connecting towns). The distinction is explained in Dutch road nomenclature, where A roads are high-speed routes and N roads connect cities with more frequent traffic controls.
The CVOM noted that while it is common for cameras to be taken offline for maintenance or inspections, the inability to reactivate them is unusual. The disruption stems from the broader cyber incident rather than the cameras themselves.
The Dutch National Cyber Security Centre (NCSC) updated its reporting on the Citrix NetScaler zero-day, saying vulnerabilities were exploited as far back as May and that several critical organizations across the country had been compromised.
In its August 5 statement, the Public Prosecution Service announced a phased relaunch to minimize disruptions to the criminal justice system. The restart is being coordinated with partners including the Netherlands Bar and Victim Support Netherlands (SHN). The Public Prosecution Service said the process would be gradual as interconnected systems and applications in law enforcement, the judiciary, the police, the CJIB (Central Fine Collection Agency), and the NFI (Netherlands Forensic Institute) are brought back online.
The first system to be reinstated was the service’s emails, which external parties could access again by August 7, though large file transfers remain restricted.
Rinus Otte, chairman of the Board of Prosecutors General, acknowledged that a full resumption would take time: “The Public Prosecution Service is obviously committed to minimizing the impact on victims, suspects, and convicted persons. Without everyone’s dedication, goodwill, and patience, it would not have been possible to still get so much done within all these limitations.”