As usual, students in the Newhall School District in Santa Clarita, California, were involved in the distance learning process, when the school district was suddenly forced to cancel online lessons in mid-September, due to a cyber attack that shut down the computer network in the entire school district. .
In a normal year, such an attack would have teachers switched off technology and diverted lessons to the classroom, but this is not an option with distance learning, stresses Jeff Pelzel, head of the school district.
“In this case, the challenge was that our children could not interact with their teachers on a daily basis through live instruction,” says Pelzel. “We also lost connection to our computer servers. It is never easy for your computer system to turn off.”
Cyber attacks across the United States this fall have prompted school districts to postpone the start of school, cancel lessons, and in some cases lead to the release of sensitive materials and student data.
Cyber security experts say that K-secondary education is increasingly the target of attacks by criminals who are attracted by sensitive data held by school districts and their historically weak cyber defenses.
The unprecedented reliance on remote learning during the pandemic has encouraged hackers even more, as the increased use of students’ and staff’s devices at home creates more possibilities for cyber-attack. And tech companies make years of modifications quickly, sometimes resulting in less secure use of new applications. These companies warn that schools should expect more attacks, but they also say attacks can be reduced through training and investing in strong cybersecurity defenses.
“I think there is clearly a shift,” says Keith Krueger, CEO of the School Networks Consortium, a professional organization for educational technology companies, adding, “especially with the problems of networks failing or being attacked across the country.”
A notable recent example is the attack on Dade County schools in Miami, Florida, where a teen was arrested last September for several attacks that flooded the district’s online learning system with heavy online traffic and prevented thousands of students from logging in. to class online.
Doug Levin, an education consultant in Arlington, Virginia, who tracks cyber attacks on public school districts, says the number and intensity of cyber attacks on school districts has increased for several years.
In 2019, Levin recorded 348 cybersecurity-related incidents, a threefold increase compared to the previous year. This year, the number of cyber attacks decreased during the first few months of the pandemic, but increased since the beginning of the school year, and if the current trend continues, it could exceed the total attacks recorded last year.
“It’s a challenge for school districts, without a doubt,” Levin says. “Unfortunately, cybersecurity has not been a priority in schools in general.”
In fact, school districts, like other local government entities, are often attractive targets because of their potential use of outdated technology, their reliance on smaller IT teams, and the holding of sensitive data.
Vicki Anderson, an FBI special agent, says the bureau issued a warning this summer to school districts nationwide about cybersecurity attacks during distance learning. It recommends that school districts take preventive steps such as training staff and students to use strong passwords and not to click on suspicious links.
On the other hand, it is recommended that B. IE» schools not to pay money for attacks that demand ransom and contact him immediately
Organizations such as the School Networks Consortium, the school technology organization, assist school district leaders, school boards, and technology administrators with cybersecurity by providing resources such as training and handouts with advice and guidance. It is also lobbying the Federal Communications Commission to include cybersecurity as eligible services in the Schools and Libraries Program, which is a major source of school technology funding.
Kruger argues that school districts vary greatly in their ability to provide cybersecurity, with smaller, rural school districts generally having fewer resources and less expertise to enact strong policies. He also points out that the alarming digital divide in the country extends to cybersecurity.
“We must secure broadband Internet access,” he says. Back in Newhall Schools in California, the school district is now working with a team of technology-savvy investigators to restore access to the network’s servers. Meanwhile, teachers resumed online lessons about 10 days after the ransom attack. It appears that no data on students or staff has been released.
Pelzel, the school district’s president, says the experience has been upsetting for staff and families, and stressful for members of the IT department who have to work overtime. But “the positive thing about this experience is that one learns lessons and things that one can do for promotion and support.” In this context, the school district is currently reassessing its cyber security and plans to submit recommendations to its board of directors.
From using strong passwords and “multi-factor authentication” to storing data in a mixture of virtual and real secure locations, school districts take a variety of measures to thwart attacks. “I’m telling everyone now that there are things you can do right now!” Pelzel says.
Published by special arrangement with the Christian Science Monitor service.