Hackers smell blood as schools grapple with virtual education
Jeff Pelzel knew something was wrong when he arrived at his office on September 14 and saw no new emails in his inbox. “It never happens,” said Pelzel, superintendent of the Newhall School District in Southern California.
Mr. Pelzel asked his IT specialist if the district’s email system was down. Within minutes, he said, an aide responded with bad news: Hackers had crippled the district’s computer network.
The ransomware attack forced the district to restart its networks and cancel five days of virtual education for about 6,000 elementary school students, Pelzel said. A month later, a joint investigation with an external forensic society is continuing, he said, highlighting the havoc hackers have wrought on networks in some districts during the coronavirus pandemic.
“We are a small neighborhood,” Pelzel said, adding that the neighborhood near Los Angeles does not have dedicated cybersecurity staff to fight attackers. “That’s what these people do for a living.”
Many K-12 schools that have recently returned to virtual education have distributed devices to students and teachers while trying to prevent computer networks from crumbling under increased usage. Now, as this unique school year unfolds, the attackers are circling around.
They range from college students, like a Miami high school student recently arrested for allegedly overloading his district’s systems with a denial of service attack, to professional hackers demanding money. Rising data breaches, ransomware and phishing attacks disrupt classes from New York to California for a week as overworked technical staff in schools, often without dedicated cyber experts, try to keep pace.
After the Clark County School District of Las Vegas, a system of 320,000 students, failed to pay the hackers a ransom, they threw district employee social security numbers online last month. After a similar September attack on public schools in Fairfax County, Virginia, a local teachers ‘union is still seeking answers to its members’ data that has been compromised, according to an October 10 email from the union to officials. of the district consulted by WSJ Pro Cybersecurity. .
At least 289 districts in the United States have suffered cyber incidents such as hacks this year, according to Doug Levin, who runs Arlington, Virginia-based consulting firm EdTech Strategies LLC.
The number of publicly reported attacks jumped in August and September after a lull in the early months of the coronavirus pandemic, Mr. Levin said.
“The start of this school year has arrived like a lion,” he said, noting that many districts do not report cyber incidents. “It is good, much worse than what is actually displayed.”
For some students like Danny Rubin, a high school student at Yorktown High School in upper Manhattan in New York’s Hudson Valley, the threat of a cyberattack is a depressing addition to a school year marked by health fears, home gym classes and remote university tours.
“Here’s what it happened: The world has ended and people are now hacking schools,” said Rubin, whose school temporarily shifted from a blended learning model to distance learning afterwards. that his district shared the news of a cyberattack on October 10. 12.
The ransomware attack encrypted data on Yorktown Central School District networks, forcing officials to restore servers from backups and go room-to-room to reimage devices, Superintendent Ron Hattar said in a report. -mail to parents Thursday accessed by WSJ Pro Cybersecurity. The superintendent’s office did not respond to requests for comment.
While large districts have stepped up security in recent years as education has become more digital, many smaller districts do not have an information security officer like companies do to monitor their networks. said Richard Cocchiara, former CISO with the New York City Department of Education. who now works in a risk management startup.
“They barely have a technical department,” said Mr. Cocchiara, who has supervised more than 100 employees in the data and security teams for the 1.1 million student department.
While schools can access threat information through the Multi-State Information Sharing & Analysis Center, an intelligence-sharing group, efforts to close security gaps are often ad hoc.
April Mardock, for example, monitors Seattle public school networks on a daily basis as the district’s IT and cybersecurity manager. Overnight, she shares best practices in a 153-member Slack channel for a grassroots group called OpsecEdu, as well as a forum on the Discord messaging service of about three dozen K-12 cyber pros across the North. western Pacific.
The Seattle District IT team is relatively strong with its 18 engineers, the equivalent of two who focus on cybersecurity full-time, but expanding the district’s networks to cover 53,000 student devices – up from about 6 000 before the pandemic – let the team scramble, says Ms Mardock.
“The adversary is fighting with cluster bombs and we are fighting with muskets and slingshots,” Ms. Mardock said of K-12 cybersecurity in general.
Virtual harms also increase the workload. In the Beaverton School District, which serves more than 41,000 students in the Portland, Ore. Area, information security architect Nathan McNulty said he had been tasked with investigating the bad behavior of some students online, like name calling in private chats. Previously handled by teachers or principals’ offices, disciplinary work keeps Mr. McNulty, the district’s only security specialist, scanning networks for vulnerabilities and patching software away.
McNulty, who sits in the broader IT department, said building a larger cybersecurity team could be difficult given budget constraints. “To pay for my post, we have one less teacher,” he said.
Some lawmakers in Washington seem to have noticed this. Representatives Doris Matsui (D., Calif.) And Jim Langevin (D., RI) on Friday introduced a bill to strengthen K-12 cybersecurity by tracking incidents at the federal level and creating a program $ 400 million in grants for schools.
In the Newhall School District, a technical team of four is still working to restore some data as teachers relocate to virtual classrooms. “It’s a marathon,” Pelzel said, declining to discuss any potential demands from the attackers. “Who would have thought that we would want to go back to online learning?
Write to David Uberti at [email protected]
Copyright © 2021 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8