Ransomware attacks concern for school districts

High-profile ransomware attacks last year on Colonial Pipeline and JBS Foods led those corporations to pay multi-million dollar ransoms to hackers and caused supply chain bungles with national economic repercussions.

While cyber attacks on large companies gain notoriety, K-12 school districts quietly became the leading target of ransomware attacks in fall 2020, according to the FBI.

“The need for schools to rapidly transition to distance learning likely contributed to cybersecurity gaps, leaving schools vulnerable to attack,” the FBI wrote in its report.

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid to unlock it.

Its effect on school networks can be crippling. 

A successful ransomware attack against nearby San Bernardino City Unified School District in 2019 locked employees out of the district’s network for multiple days, forcing classes to proceed without WiFi and other tech-based tools.

The attack occurred in October, which is coincidentally cybersecurity awareness month.

The district did not say whether confidential student and family information was compromised. Nor did it say how the incident was resolved after law enforcement and a third-party expert intervened to try to restore the network.

More:Ransomware, explained: How the gangs that shut down Colonial Pipeline, JBS USA operate

More:JBS, Colonial Pipeline together paid more than $15 million in ransom, representing one of the most insurmountable cybersecurity problems

Higher education institutions have not been spared, either. College of the Desert began its fall 2020 semester despite experiencing a malware attack that caused the college's website and email system to go offline although it is unclear whether hackers demanded a ransom to remove the malicious software.

With these threats in mind, the valley’s school districts are investing in cybersecurity to varying degrees.

The cost of (cyber)security

Will Carr, director of tech services for Palm Springs Unified, said the district spends approximately $247,000 per year on cybersecurity software subscriptions — some to protect against hackers and others to monitor students’ activity on the district’s network.

About a quarter of that cybersecurity budget is for a ransomware insurance policy with tech company SentinelOne that would pay the district $1,000 per compromised device up to $1 million if its encryption services failed to stop an attack.

Carr said that so far the district has not had to file a claim, and the SentinelOne service has successfully stopped four ransomware and more than 130 malware attacks in the last year.

Plus, the district spends $30,000 per year on a firewall  — a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

From September 2020 through August 2021, Carr says the district’s firewall blocked 787,000 potential attacks.

A separate tool blocked 752,000 additional email threats.

For its part, Desert Sands Unified has budgeted over $2.2 million of federal COVID-19 relief aid on a “cyber recovery vault,” a tool that will help the district recover critical data in case of a ransomware attack.

The district plans to spend another $1.1 million of federal aid to bolster its network security with endpoint encryption, a tool designed to protect sensitive data against unauthorized access and leakage.

Desert Sands declined an interview request to discuss its cybersecurity protocols, issuing the following statement:

“For the continued safety and security of our district network, we do not publicly disclose cyber security items. However, we have implemented best in class cyber security solutions and continue to educate our students and staff on cyber security awareness.”

The district added that it was not aware of any ransomware attacks that had targeted its network in the past year. 

Coachella Valley Unified also declined an interview on this topic, and did not say what it has invested in cybersecurity measures.

What are kids Googling in school?

The other piece of the cybersecurity puzzle is monitoring what students (and staff) search for from within the district’s network.

Palm Springs Unified holds subscriptions to multiple software services that can monitor and block student internet activity while they are connected to the district’s network. 

For example, teachers can use GoGuardian to restrict student internet activity during testing. Conversely, with administration’s approval, teachers can temporarily allow access to websites with sensitive content on racism or hate speech in order to advance lessons on American and world history.

“It’s really good for classroom management,” Carr said.

Technology that saves lives?

Software also allows Palm Springs Unified to create alerts when students search for key words and phrases related to self harm. 

For instance, on the morning of Wednesday, Oct. 6, the district flagged the internet activity of two high school female students who had searched for terms related to self harm. By 11 a.m., the principal had responded to the alerts and addressed the students individually.

In some cases, Carr says the district has asked law enforcement to intervene when a student’s internet activity suggests an imminent risk of self harm.

He added, the technology “has saved a few kids’ lives.”

Palm Springs Unified is required to monitor the online activity of minors on its internet network according to the Children's Internet Protection Act.

Additionally, parents/guardians of PSUSD students sign an "acceptable use policy and technology loan agreement" that details the district's network and device rules.

How important is K-12 cybersecurity?

Carr says hackers know that school districts can’t afford to pay seven-figure ransoms like some corporations.

However, they are a popular target for another reason — their wealth of information.

“School districts are targeted more for student data than money,” Carr said.

According to a recent report from the K-12 Cybersecurity Resource Center, school districts are responsible for safeguarding data pertaining to more than 50 million U.S. students and their families.

Cybersecurity for U.S. K-12 school districts is a $760 billion industry, yet the number of successful cyber incidents at K-12 school districts quadrupled from less than 100 attacks in 2016 to more than 400 attacks in 2020.

Even with in-person instruction back in session, the adoption of digital technology for learning (such as handing out Chromebook laptops and hot spots to students and placing smart TVs in many classrooms) means that more school district devices are susceptible to hackers than before the pandemic.

That’s why Carr — who served eight years in the U.S. Navy securing early military networks before he joined Palm Springs Unified 21 years ago — says it’s imperative for his district to continue to invest in network security, educate staff and students on responsible digital citizenship, and be transparent about the district’s online capabilities.

“The more you know, the more serious you take things,” Carr said.

Jonathan Horwitz covers education for The Desert Sun. Reach him at jonathan.horwitz@desertsun.com or @Writes_Jonathan.

Comments are closed.