015

Tangipahoa Parish has become the latest victim in a series of cybersecurity attacks on Louisiana schools that prompted an emergency declaration and has officials scrambling to mitigate damage ahead of the school year starting next week.

In a social media post Monday, Tangipahoa Parish schools Superintendent Melissa Stilley said officials had been on higher alert for cyber attacks in the last week, and this weekend discovered "activity" on the district's network, though she did not specify the nature of those attacks.

As a precautionary measure, Tangipahoa schools shut down phone lines and email at the central office, schools and registration center Monday.

Three northern Louisiana school districts - Sabine, Morehouse and City of Monroe - saw "severe, intentional cybersecurity breaches" last week that prompted Gov. John Bel Edwards to declare a state of emergency.

In the declaration, Edwards said there was a significant risk the threats were ongoing.

Stilley stopped short of making a direct connection, but said in the social media release that Tangipahoa's problems appeared to be similar.

“These cyber criminals target state and local government agencies, infecting their computer networks with malware or locking down the network for a ransom,” Stilley said.

Governor's Office spokeswoman Christina Stephens said Monday that a support crew had been sent to Tangipahoa Parish to determine the status of their networks and what assistance they may need, but in general most cases are being led by local officials.

She said the state began communicating with all school districts in the state last week following the northern Louisiana attacks, and has sent a self-assessment tool so districts can determine their own risk level.

The governor's office, the Louisiana Department of Education and school district officials from around the state met on a conference call Monday afternoon to walk through the threat levels, preparations and to schedule more detailed technical calls with IT staff in the coming days, Stephens said.

Stephens said as of 4:30 p.m. Monday, the four already-identified districts were the only ones that had reported cyber attacks. She deferred to local governments to comment on the details of their individual attacks, but said there had been non-functioning systems and data loss.

A representative from the Tangipahoa Parish Office of Emergency Preparedness said Monday the agency had been working with the school system to navigate their threat, but declined to comment, instead deferring to the school system. Stilley, the school superintendent, could not be reached for comment Monday, and the district's email and phone lines were still non-functioning as of Monday afternoon.

The recent attack in the Baton Rouge metro region has prompted surrounding superintendents to take a hard look at their own security measures only days before the 2019-2020 school year is scheduled to begin.

Many school districts - Ascension, East Baton Rouge, East Feliciana, West Feliciana, Livingston, Pointe Coupee and West Baton Rouge parishes as well as Baker, Central, Zachary and the Catholic Diocese of Baton Rouge – have told The Advocate they've suffered no breaches in their security as of Monday afternoon, but Edwards' office and LDOE have been heavily involved in preventing further attacks.

Some districts, like West Baton Rouge Parish, have taken precautionary measures such as backing up electronic records to lessen the disruption of a potential attack. Baker reports adding more internal security over the past five months.

Stephens said it's been difficult to speculate the reason for the attacks, and added that the FBI and Department of Homeland Security has been involved. There have been similar attacks reported in other southern states like Alabama and Georgia, and she said while the four Louisiana incidents have been slightly different, all involved "some security issues and some data loss," though not all had a ransom request.

"The concern has really been to protect the data, protect the hardware and get their security measures in place," she said.

Livingston Parish Schools superintendent Joe Murphy said after a significant malware attack on his district last school year, officials reconfigured the district's entire dataset and implemented new security software. They brought in experts to assess the damage and effectiveness of the new systems.

"It's a tremendous impact obviously ... it makes instruction extremely difficult and the communicative efforts in the parish are severely hampered if we can't use emails or in-house systems are shut down. The worst part would be if we detected problems in the servers where the bulk of our information is kept," Murphy said.

He added that this time of year for his, and almost every other district, is one of the busiest when children are enrolling in school daily and staff members are working to transition kids' information from one grade level to the next. 

"As you can imagine if any of those systems are impacted it would certainly be a crippling blow at this time of year," Murphy said.

Edwards' emergency declaration marks the first activation of Louisiana's cybersecurity-specific emergency support function, which was introduced in 2017. Edwards established the Louisiana Cybersecurity Commission as a statewide partnership of public, private, academic and law enforcement stakeholders who could specifically examine cybersecurity threats as needed.

Local governments and school systems are often a target for malware and ransomware, according to Stephenson National Center for Security Research executive director Jeff Moulton.

"It's growing in use at the state and local levels because the attackers know government agencies, especially at the lower levels, are likely to pay," Moulton said in a press release.

Edwards' state of emergency declaration in this series of attacks activated Louisiana's Emergency Support Function 17, which is a cyber incident response plan. Moulton oversees the ESF-17 subcommittee.

Stephenson Technologies Corporation, which is LSU's applied research affiliate, is working with the Governor's Office of Homeland Security and Emergency Preparedness, the Office of Technology Services, and the Louisiana National Guard Cyber Team to resolve the series of recent school attacks, according to a press release from LSU.

Staff reporters Youssef Rddad, David Mitchell and Ellyn Couvillion contributed to this report.


Email Emma Kennedy at ekennedy@theadvocate.com.