Gone are the days of digging through cumbersome metal filing cabinets for the right manilla folder. Thanks to the advancements of humankind, life is simpler and far better organized. Every bit of information a company could need is all in one place and it’s readily accessible with the stroke of a key if privy enough to have a password. The same thing applies to schools that now keep student records and such stored on their own software for easy access. The problem for many schools is that the information, and the systems they store it on, are too easily accessible.
A middle school in Albuquerque, N.M. was just getting started for the day by giving its routine morning announcements which included a shout-out to the school’s new custodian for doing a great job when staff members began to detect a problem. Teachers couldn’t access attendance records, class rosters, or grades. They were locked out of everything.
As the school later discovered, it wasn’t only them. It was the entire school district and the largest one in the state. It also meant that emergency contacts and a very crucial list of what adults are allowed to pick up what children were totally inaccessible.
Speaking of the school’s downed system, Cleveland Middle School art teacher Sarah Hagar said, “I didn’t realize how important it was until after I couldn’t use it.”
The problem wasn’t caused by a glitch. The school’s system had been frozen by cyber-pirates in a ransomware attack. They found a hidden key, let themselves in, and bolted the door from the inside. This rendered all passwords null and void, pending payment of a steep readmission fee. After two days of the entire district being inoperable, the undisclosed ransom amount was paid.
This was by no means the first time an incident of this magnitude has occurred. While U.S. companies both small and large have contended with the issue for some time now, schools are increasingly becoming easy prey.
Doug Levin, director of the Virginia-based non-profit group K12 Security Information Exchange that helps schools defend themselves against cyber-crime said, “Pretty much anyway that you cut it, incidents have both been growing more frequent and more significant.”
Schools face a two-edged sword. They’re not required by law to report cyber attacks and the attackers know this. A simple threat to do it again should they squeal to the feds is generally all it takes to convince them to not flap their lips. This is why precise data is so difficult to attain.
The pandemic having forced some schools into virtual learning has only furthered educators’ dependence on the security of whatever system they rely on. The school districts of Baltimore County and Miami-Dade County have both experienced being held hostages of cyber-extortion. School districts in Wisconsin, New Jersey, and throughout the nation have had no choice but to pay their way out of hostage situations.
For schools holding in-session classes, teachers are falling sick and there aren’t enough substitutes to go around. This forces the educators who are there to rely more heavily on their computer software systems, while at the same time increasing their vulnerability to attack.
NYC got hit with a recent attack that wasn’t successful in canceling classes, but it did keep educators from accessing student grades. The attack served its purpose by escalating the stress of what few remaining teachers were left to fill in for the ones who are out sick or in quarantine.
Where’s Joe Biden? This involves the education of America’s youth. Our schools are under attack. That money should be going to educate them, not to fill the coffers of cyber-pirates. Let’s have a look, shall we?
Back in October Biden signed something called the K-12 Cybersecurity Act. While the name itself invokes grandiose might and power, don’t get overly excited. All it does is tell the federal cyber security agency people who are already trying to do their jobs, to let the old man know if they have any further suggestions for helping these poor schools out.