Months before the first Russian missiles fell on Ukraine, East Baton Rouge city-parish officials received warnings of an increasing threat of cyberattacks targeting government systems, critical infrastructure and businesses.
Louisiana and the federal government both issued public cybersecurity alerts as the Russian invasion began in late February, calling on governments, businesses and other organizations to strengthen their online defenses in the face of an escalating threat of cyberattacks due to the war.
The need to prepare for cyberattacks is nothing new to the city-parish’s Information Services Department. Hackers are constantly trying to gain access to the city-parish’s online systems in hopes of holding them ransom or stealing data, Director Eric Romero said.
“It’s not just the Russian invasion that’s a concern,” Romero said. “That’s something that we’ve been dealing with for years now. When I say that nothing has changed recently, that is because that is our new norm. Cybersecurity is something that we’re constantly addressing here.”
The parish appropriated $2.8 million in American Rescue Plan Act funds to cybersecurity efforts last year, money that has been used to upgrade the systems that defend against a variety of different types of cyberattacks and hire cybersecurity experts to work with the IT department, Romero said.
Distributed denial-of-service attacks — which overwhelm servers and websites — ransomware attacks and data theft are longstanding concerns because a successful attack could lead to a shutdown of city-parish services or the theft of private taxpayer information, Romero said.
A 2019 ransomware attack cost New Orleans more than $7 million to recover from. Our Lady of the Lake’s payroll system was shut down after its human resources provider, Ultimate Kronos Group, fell victim to a cyberattack in December.
But a cyberattack by a nation-state is a new and dangerous possibility in the wake of a wave of sanctions enacted by Western nations intended to damage the Russian economy in response to the invasion, government officials say.
The U.S. Cybersecurity and Infrastructure Security Agency issued a “shields up” alert on Feb. 23, telling public and private IT departments to be ready for cyberattacks that could disrupt normal operations.
“While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region,” reads the alert. “Every organization—large and small—must be prepared to respond to disruptive cyber activity.”
Louisiana’s Governor’s Office of Homeland Security and Emergency Preparedness sent out a similar warning to local governments around the state. The agency also said there are no known cyber threats to Louisiana at this time, “however, this should not prevent us from preparing for and posturing to respond to imminent attacks,” according to an email provided by the agency.
To date, the spike in cyberattacks has been limited to Eastern Europe, and both Russia and Ukraine have embraced the practice as a tool of war.
“We are creating an I.T. army,” Ukraine’s minister of digital transformation, Mykhailo Fedorov, tweeted Feb. 26, directing amateur hackers to a Telegram channel that contained instructions for knocking Russian websites offline. “We continue to fight on the cyber front.”
There’s concern that the attacks will spread to the rest of the world as Western sanctions tighten their grip on Russia’s economy, said Chad Adams, a cybersecurity advisor with the Cybersecurity and Infrastructure Security Agency Region 6, which includes Louisiana.
That concern prompted the “shields up” alert and the creation of a website where organizations can learn the best practices for defending themselves from hackers, Adams said.
Like Romero, Adams said the threat of cyberattacks is nothing new to the U.S.
“They should be doing that regardless of the war in Ukraine,” Adams said. “(The war) amplifies it, but the actual issue has always been ongoing. We’ve always been a target for attacks because we have a lot of critical infrastructure in our country. We’re a big target.”
Tips for large organizations and private citizens alike are as simple as keeping software up to date, using strong passwords and implementing two-factor authentication when logging into an account, according to the website.
The agency doesn’t have any information indicating that a Russian cyberattack is imminent, and there are “a lot of factors” that go into whether or not that threat will escalate, Adams said.
“We’re always worried… and proactive cybersecurity is what people need to understand is important,” Adams said. “They need to be addressing their vulnerabilities. … They need to be preventing issues with cybersecurity prior to them happening to their organization.”
Information Services has worked with Baton Rouge businesses in the past to distribute information on best cybersecurity practices, a campaign that may be restarted in response to the heightened threat, Romero said.
“Whether Russia continues with the invasion or stops the invasion and goes home, we are staying on top of cybersecurity because the threat is bigger than the Russian invasion,” Romero said.