The Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP) today released details about this summer's cyber attack on Louisiana school systems.
As we reported this summer, several school systems were offline after a widespread cyber attack. According to state officials, the attack was successful in five school districts, and had started in seven others before full containment occurred.
Here are the details released today:
In late July, Gov. John Bel Edwards issues the state’s first ever-Emergency Declaration for Statewide Cyber Incident. That step allowed Emergency Support Function-17 (ESF-17) to manage the functions and resources required to ensure timely and consistent response efforts for this significant incident. ESF’s are the structure for organizing and coordinating state resources by specific functions according to Louisiana’s Emergency Operations Plan. ESF-17 ensures appropriate coordination and inclusion of necessary state, federal and local agencies and private industry in order to minimize the impact of a cybersecurity incident.
“The GOHSEP, Louisiana Army National Guard (LANG), Division of Administration Office of Technology Services (OTS) and Louisiana State Police teams involved in aggressively responding to this potential cyber disaster deserve to be recognized for their efforts,” said Gov. Edwards. “In addition to the response, these teams also prevented additional problems by supplying school systems with the information and technical steps needed to keep this attack from growing. This ransomware attack started just days before school was scheduled to start for districts across the state. The teams and our local and federal partners managed to tackle the issues so fast, there were no ransoms paid and no disruption of school schedules.”
Timeline of events-
July 23, 2019
The first event is reported to the state’s Information Security Team
Three initial impacted school districts are identified
The Chief Information Security Officer notifies GOHSEP and requests ESF-17 activation
July 24, 2019
ESF-17 Resources arrive on site to the impacted parishes
Gov. Edwards issues an Emergency Declaration for Statewide Cyber Event
July 30, 2019
First verifiable evidence that the state’s actions disrupted and prevented additional school district attacks
August 4, 2019
Cyber-attack fully contained
August 12, 2019
Attacker’s malware fully eradicated from 69 public school districts
Final reports from this event indicate the ransomware attack was successful in five public school districts. Additional attacks were prevented in seven public school districts before it was fully contained.
“Louisiana has once again set the standard for an emergency due to the hard work and expertise of our men and women involved in this cyber-attack response,” said GOHSEP Director Jim Waskom. “Our efforts are being recognized by others across the country as a model for addressing this type of criminal activity. Gov. Edwards’ leadership and the cooperation of all the federal, state and local agencies kept this attack in check, with no ransoms paid. As technology grows, it is important for everyone to continue to look for new ways to prevent these types of crimes and protect our citizens.”
MG Glenn H. Curtis, Louisiana National Guard said, “The actions of Louisiana’s Cybersecurity response team were swift and effective. Having an operational Cybersecurity Commission paid huge dividends in our ability to respond to this threat and our multi agency, coordinated approach was overwhelmingly successful. It was impressive to see these experts go to work and I remain confident that Louisiana is on a path of success.”
You can find out more about the state’s cyber-attack response and hear from the technical experts on the October 2019 episode of The GOHSEP Get A Game Plan Podcast. You can subscribe to the podcast on Spotify, Apple Podcast or at several other podcast stores.
Another great resource is the Louisiana Cyber Commission website www.lacybercommission.la.gov [lacybercommission.la.gov]. You can learn more about the Cyber Commission and Cybersecurity Awareness Month. You can also find tips on proper cyber hygiene and tips on how to stay safe on line.