Louisiana issues another emergency declaration over ransomware
Louisiana Gov. John Bel Edwards on Friday declared a statewide emergency following a ransomware attack last week that prompted officials to temporarily deactivate government websites and other digital services.
Edwards’ declaration was the second such order he’s given in less than six months, following an emergency statement he issued in July when several school districts were hit with ransomware.
Although officials said the state’s cybersecurity teams responded quickly to the Nov. 18 attack, which involved the sometimes costly Ryuk virus, it caused Office of Motor Vehicles locations across Louisiana to remain closed for several days. The state’s Office of Technology Services continues to say there is no anticipated data loss due to the attack, but only a handful of OMV locations managed to reopen Monday after nearly a week of residents being unable to register cars, apply for or update driver’s licenses or file tax forms with the state government.
Edwards’ emergency declaration is largely directed at lifting penalties or fines for deadlines missed by the OMV’s multi-day outage, such as the expiration dates of temporary license plates.
While the emergency declaration came down Friday, Edwards had earlier in the week activated a Louisiana cybersecurity unit known internally as Emergency Support Function 17, a response team made up of people from OTS, the Louisiana State Police, National Guard, the state university system and other agencies.
Louisiana has been one of the more aggressive states in folding cybersecurity into the list of potential catastrophes that could trigger an emergency declaration, a formality that makes it easier to access a host of homeland security and military resources that wouldn’t otherwise be available in an IT crisis. The National Governors Association — in which Edwards serves as a co-chair of a cybersecurity initiative — has urged states this year to develop formalized plans for how they would respond to a widespread cyberattack.
In July, the NGA reported that just 15 states have made their cyber disruption response plans public.