Cyberattack accelerates New Orleans IT modernization plans
City of New Orleans
New Orleans, LA
In December 2019, the City of New Orleans fell victim to a cyberattack. Recovery lasted for months and was further delayed by the COVID-19 pandemic. The city not only implemented their disaster preparedness plan, but also used the opportunity to modernize their data platforms and accelerate tech adoption.
Topics Covered
Cost
Initial: Zero Upfront Cost
Funding
General Fund/Existing Public Funds
Project Status
Operational since 2019
Gov Champion
Chief Innovation Officer
Problem Addressed
Early on December 13th 2019, cybercriminals began their attack on New Orleans' networks.
NOLA Ready, managed by the Office of Homeland Security and Emergency Preparedness was on the case, tweeted that "suspicious activity was detected on the City's network" and "activity indicating a cybersecurity incident was detected around 11 a.m." From here, the city's IT department powered down computers and disconnected from Wi-Fi, followed by powering down of all city servers.
Soon enough, the mayor called a state of emergency, confirming the incident as a ransomware attack. This left government officials off networks, unable to work, and fearful of what would happen to important government files.
The New Orleans ransomware attack followed another that targeted the state of Louisiana just one month earlier. New Orleans applied protocols from the state level cyber attack to their response plan.
Solutions Used
City of New Orleans took cybersecurity measures to re-implement their IT infrastructure, wipe all computers and sanitize data in government servers.
Within minutes of the attack beginning, New Orleans CIO Kimberly LaGrue was in contact with state officials, and knew the course of action required communication with experts.
They undertook a full re-implementation of their environment, wiped all computers and sanitized data in government servers. Following the re-boot, the city needed to reach all 4,000 users, 3,000 workstations, and over 100 locations as fast as possible. Using communication protocols, they were able to quickly release information and provide dispatch.
Given the urgent need of clean data and platforms, the city formed a partnership with Pure Storage shortly after the incident. Pure Storage supported the team in building and managing a sanitized environment. The team knew that they needed new platforms where they could transfer data, manage their information and access it seamlessly and quickly.
Even before the cyberattack, New Orleans had plans in the case of an emergency. Whether it was a cyber or weather-related emergency, the innovation team was prepared to face several "bus through the window" scenarios. This facilitated their communication between the state government and Pure Storage, allowing for seamless collaboration.
Outcomes
1
In response to the cyberattack, the City accelerated modernization by replacing legacy applications and outdated tools.
2
New technology and platforms to help the team better consume and manage data in the short and long term.
3
The City renewed their emergency preparedness by creating thorough plans with projected steps in the event of another cyberattack.
Lessons Learned
1
Having at least one paper copy of their disaster recovery plans allowed the City to access the documents even when they were logged out of their servers.
Who Should Consider
Cities and states looking to prepare themselves for cybersecurity attacks and better protect their data.
Last Updated
Mar 22nd, 2022More resources about this case study
Keywords
