Dive Brief:
- The City of New Orleans declared a state of emergency after an attempted cyberattack Friday, though officials said the city is already in recovery mode and data loss was "very minimal."
- The city saw suspicious activity on its networks around 5 a.m. ET. It quickly shut down its computers and servers, then declared a state of emergency before opening an investigation alongside federal and state authorities. The source of the cyberattack is still unknown.
- The city is now in "recovery mode" and there is no evidence of personal data loss, said New Orleans Mayor LaToya Cantrell at a press conference Saturday. Around 4,000 computers need recovery, as well as 400 servers, comprising around 7,000 terabytes of data. City services will be "impacted in various ways" as IT works to restore normality, Cantrell said in a tweet Sunday.
A declaration of a state of emergency has been filed with the Civil District Court in connection with today’s cyber security event. pic.twitter.com/OQXDGv7JS4
— The City Of New Orleans (@CityOfNOLA) December 13, 2019
Dive Insight:
Cyberattacks are becoming increasingly common in governments at all levels, but are particularly impactful in cities with aging IT infrastructure and few security safeguards in place.
Research from the University of Maryland said "local governments as a whole do a poor job at managing their cybersecurity," according to Emsisoft. As a result, local governments have been prime targets for bad actors.
Last year, Atlanta suffered a cyberattack that left its systems crippled for weeks and forced city staff to carry out tasks on paper until it recovered. Cybersecurity was "not a topic of conversation" among residents initially, but the attack changed that, Atlanta Mayor Keisha Lance Bottoms said At the Smart Cities New York conference last year.
Elsewhere, cities as large as Baltimore and as small as Riviera Beach, Florida have been cyberattach victims, which resulted in more than $45 billion in losses from an estimated two million attacks in 2018, according to The Internet Society's Online Trust Alliance.
The REvil ransomware strain hit local governments in Texas in August, forcing the state to declare a state of emergency. By November, Louisiana acted in an "abundance of caution" and the state's Office of Technology Services disabled state servers to prevent further spreading.
Some cities hit by ransomware have been tempted to pay hackers while even more cities have refused.
Lake City, Florida, which was hit around the same time as Riviera Beach, opted to pay the ransom. The city only paid a $10,000 deductible to its insurance provider. The City of Johannesburg was one that refused to pay; security consultants said meeting such demands sets a bad precedent and can embolden hackers in the future.
That trend has taken hold in the U.S., too. In July, more than 225 mayors signed onto a U.S. Conference of Mayors resolution to not pay ransoms. The group has a "vested interest in de-incentivizing" future attacks.
Budgets can be tight for avenues like cybersecurity, but there is movement in Congress to help. A bill introduced in April would create a grant program in the Department of Homeland Security (DHS) to help states develop and implement cyber resilience measures in response to the growing threat of cyberattacks.
As the recovery process continues for New Orleans, it's a priority to build back stronger, said Cantrell. As attacks get more sophisticated, it will be imperative for other cities to do the same.