Internet Explorer 11 is not supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Schools Weren’t Ready for Cybersecurity Risks of eLearning

Experts predict cyberattacks against school systems will continue to increase as students return for the fall semester. More investments in cybersecurity is the only way to prevent future breaches.

(TNS) — School districts reliant on online learning because of COVID-19 may soon find students and teachers locked out of computer networks for days or weeks because of cyberattacks that could set kids further back and endanger their privacy.

Districts around the country are woefully unprepared to manage the heightened risks of online learning, say cybersecurity and education experts who predict a rise in ransomware attacks as millions of children begin a new school year in a pandemic.

Ransomware attacks, in which hackers disable network systems and collect sensitive user data before demanding payment for their safe return, and other cyber intrusions targeting schools have increased in recent years. School districts often lack large cybersecurity budgets and struggle to convince teachers and students to take proper precautions.

Some of the country’s largest school districts, including Los Angeles and Atlanta, recently started the year fully online. Others are offering hybrid learning options that have some students working remotely. Both scenarios could result in an already target-rich environment becoming more exposed than ever before.

“There is a very high likelihood this is going to be a very rocky fall for school districts with respect to cybersecurity,” said Doug Levin, president of EdTech Strategies, which tracks ransomware attacks, data breaches and other cyberattacks on K-12 schools.

Online learning means school districts will experience a proliferation of devices interacting on their networks, stretching existing security measures thin. Furthermore, home networks tend to be less secure and less frequently maintained than school networks.

It’s a near certainty that hackers are aware of the vulnerabilities, said Chris Hinkley, who heads the threat resistance unit at Armor Defense Inc., a Texas-based cybersecurity firm, and has been tracking ransomware attacks against schools throughout the year.

Districts where school is in session have already begun experiencing intrusions. Last Tuesday, after Miami-Dade County Public School students struggled to access online learning platforms for two straight days, the district became the target of a distributed denial of service attack, said Superintendent Alberto Carvalho. Commonly motivated by the potential for a ransom, a DDOS intrusion attempts to render online services useless, such as those used for online learning, by overwhelming them with traffic.

“There was a malicious attempt, malicious well-orchestrated complex attempt at derailing the connection which is essential for our students and teachers,” Carvalho told CBS Miami.

At least 27 school districts and colleges were the target of ransomware attacks this year, according to Armor, though it’s possible the actual figure is larger because many ransomware attacks are never publicly disclosed. This year’s targets ranged from large research universities like Michigan State University to tinier school districts like the one in Havre, Mont.

The majority of attacks tracked by Armor took place before schools closed in the spring, but Hinkley expects them to ramp up this fall.

“The chances of a school or a student being attacked right now are probably higher than ever,” Hinkley said.

Federal law enforcement agrees. In June, the FBI told K-12 districts that schools “represent an opportunistic target as more of them transition to distance learning,” warning of a rash of cyberattacks while the pandemic persists, according to the technology news site ZDNet.

Advocates for enhanced cybersecurity in schools have called on Congress to provide funding for better network defenses and training, but negotiations on Capitol Hill over the latest coronavirus relief package stalled before the school year started.

In March, Congress provided $31 billion for education in the initial coronavirus relief package, including online learning grants and $13 billion for elementary schools, but no funds specifically for cybersecurity. Subsequent Democratic proposals that include billions for online learning have also omitted cybersecurity funding.

The effects of spending heavily on online learning without investing in network defenses could ultimately place students at even greater risk, according to John Windhausen Jr., director of the nonprofit Schools, Health & Libraries Broadband Coalition.

“These bills would fund remote learning, which is a good and necessary thing, but they’re not funding cybersecurity along with it, and that opens up the network to even more dangerous activity,” said Windhausen, who is circulating a draft proposal on Capitol Hill that includes $1 billion for cybersecurity.

Windhausen also wants the Federal Communications Commission to adopt regulations that would allow schools to use federal subsidies granted through the E-Rate program, which provides low-cost internet access, to upgrade their defense systems.

Two FCC commissioners, Democrat Jessica Rosenworcel and Republican Michael O’Rielly, said last year they would consider supporting a change in the low-cost internet E-Rate program to allow for cybersecurity-related purchases, but no such rulemaking has taken place so far.

In the meantime, Levin is urging school administrators to do what they can with what they have. Districts should prioritize backing up the district’s data on a separate network and training teachers to take basic “cyber hygiene” precautions. Even small investments are worth it, Levin said, because the alternative may come at a much higher price.

“School districts are going to pay one way or another,” Levin said. “If they can’t find the money to put the cybersecurity controls in place, their likelihood of experiencing an incident will go up. Then they won’t have a choice but to spend the money, but it may cost even more.”

©2020 CQ-Roll Call, Inc., All Rights Reserved. Distributed by Tribune Content Agency, LLC.

 

Special Projects
Sponsored Stories
Sponsored
In recent years, local governments have been forced to adapt to a wildly changing world, especially as it pertains to sending bills and collecting payments.
Sponsored
Workplace safety is in the spotlight as government leaders adapt to a prolonged pandemic.
Sponsored
While government employees, students and the general public had to wait in line for hours in the beginning of the pandemic, at-home test kits make it easy to diagnose for the novel coronavirus in less than 30 minutes.
Sponsored
Governments around the nation are working to design the best vaccine policies that keep both their employees and their residents safe. Although the latest data shows a variety of polarizing perspectives, there are clear emerging best practices that leading governments are following to put trust first: creating policies that are flexible and provide a range of options, and being in tune with the needs and sentiments of their employees so that they are able to be dynamic and accommodate the rapidly changing situation.
Sponsored
Service delivery and the individual experience within health and human services (HHS) is often very siloed and fragmented.
Sponsored
In this episode, Marianne Steger explains why health care for Pre-Medicare retirees and active employees just got easier.
Sponsored
Government organizations around the world are experiencing the consequences of plagiarism firsthand. A simple mistake can lead to loss of reputation, loss of trust and even lawsuits. It’s important to avoid plagiarism at all costs, and government organizations are held to a particularly high standard. Fortunately, technological solutions such as iThenticate allow government organizations to avoid instances of text plagiarism in an efficient manner.
Sponsored
Creating meaningful citizen experiences in a post-COVID world requires embracing digital initiatives like secure and ethical data sharing, artificial intelligence and more.
Sponsored
GHD identified four themes critical for municipalities to address to reach net-zero by 2050. Will you be ready?