Audit deems NSW driver vehicle system at ‘end of life’

A new report from the NSW Auditor-General has found Transport for NSW’s (TfNSW’s) driver vehicle system (DRIVES) is at “end of life”, with the agency criticised for not better managing the system’s growth and transition to a modernised version.

The report acknowledged that while the system, first introduced in 1991 and now holding the information of over 6.2 million driver licences and over seven million vehicle registrations, has been extended and updated in the last 33 years and has grown to become an important facility to Service NSW and NSW Police, it is still based around the same core system.

The audit found TfNSW has not adequately prepared for the replacement of DRIVES, after the agency spent $36 million on its third business case to replace the program out of $60 million in funding allocated in 2019.

“TfNSW has been slow to reduce the risk of misuse of personal information held in DRIVES. With its delivery partner Service NSW, TfNSW has also been slow to develop and implement automatic monitoring of access,” the report said.

“TfNSW uses recognised processes for managing most aspects of DRIVES, but has not kept the system consistently available for users. TfNSW has lacked accurate service availability information since June 2022, when it changed its technology support provider.

“TfNSW needs to significantly prioritise cyber security improvements to DRIVES. TfNSW is seeking to lift DRIVES’ cyber defences, but it will not achieve its stated target safeguard level until December 2025.”

The program has cost TfNSW an estimated $146.6 million to run over the last five years, and the audit criticised the agency for wasting its planning effort and lagging on a replacement system since the 2010s.

The audit made the following recommendations:

  • implement a service management framework including insight into the views of DRIVES users, and ensuring users can influence the service
  • ensure it can accurately and cost effectively calculate when DRIVES is unavailable due to unplanned downtime
  • ensure implementation of a capability to automatically detect anomalous patterns of access to DRIVES
  • ensure that DRIVES has appropriate cyber security and resilience safeguards in place as a matter of priority
  • develop a clear statement of the future role in whole of government service delivery for the system
  • resolve key issues currently faced by the DRIVES replacement program including by:
    • clearly setting out a strategy and design for the replacement
    • preparing a specific business case for replacement.