Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label American Schools. Show all posts

South St. Paul Public Schools Grapple with Ongoing Tech Disruption

 

South St. Paul Public Schools recently alerted families to ongoing technology disruption, shedding light on potential disruptions to online platforms, emails, and other digital services. In a note on Monday, the district acknowledged technical difficulties and later revealed the presence of "unauthorized activity" within its computer network. 

Upon discovering the unusual activity, the district swiftly took its systems offline to isolate the issue. To address the situation comprehensively, South St. Paul Public Schools enlisted the assistance of a third-party cybersecurity firm. This partnership aims not only to recover systems but also to investigate the cause and scope of the unauthorized activity. 

The district actively focuses on restoring all systems, emphasizing the importance of maintaining a productive learning environment for students and staff. Acknowledging the inevitability of cyber threats in today's interconnected world, South St. Paul Public Schools reassured families that proactive steps had been taken to create a secure online environment. 

This incident adds to a series of cybersecurity challenges faced by educational institutions in the region. In a previous case, the St. Paul school district notified over 43,000 families about a "data security incident" in February 2023. Fortunately, only student names and email addresses were compromised in the unauthorized access. 

The University of Minnesota also grappled with a data breach last year, exposing personal information spanning 30 years, from 1989 to August 2021. The breach targeted names, addresses, phone numbers, Social Security numbers, driver’s licenses, and passport information. Minneapolis Public Schools faced a ransomware attack in the same year, exposing confidential student documents online. 

The refusal to pay a $1 million ransom led to the compromise of sensitive data, including sexual assault cases, medical records, and discrimination complaints. South St. Paul Public Schools' proactive approach to addressing the ongoing technology disruption showcases the importance of swift action and collaboration with cybersecurity experts. 

As educational institutions continue to face digital threats, it becomes imperative for them to prioritize robust security measures, ongoing vigilance, and prompt response strategies. In an era where technology is deeply integrated into the educational landscape, the South St. Paul incident serves as a reminder of the ever-present challenges in safeguarding digital infrastructures. Educational institutions must remain vigilant, continually adapting to the evolving threat landscape to ensure a secure and uninterrupted learning experience for students and staff.

Cybercriminals are Targeting Schools, They are not Ready


This March, the Minneapolis Public Schools district witnessed a major ransomware attack, losing multitudes of private information such as students’ mental health records, sexual assault incidents, suspensions and truancy reports, child abuse allegations, and special education plans, that were released online. 

In 2022, a similar incident took place in a Los Angeles school district, compromising students’ psychological records. Baltimore County Public Schools had a cyberattack in 2020 that caused the district's remote learning programs to be interrupted, its business to be frozen, and cost the school system close to $10 million. The Chambersburg Area School District in Pennsylvania was the most recent educational institution to experience a cyberattack on September 1.

School districts have grown into a frequent target for school districts across the country, where cybercrime actors are regarding school systems as easy targets, due to a lack of cybersecurity infrastructure. Although many school districts are beginning to protect that infrastructure, experts say there is still much work to be done.

Following a phishing attack in 2019, the Atlanta Public Schools district deployed a private firm to look into their networks and find loopholes and vulnerabilities, according to Olufemi “Femi” Aina, the district’s executive director of information technology. Apparently, the district has also introduced security measures including multi-factor authentication on school devices, purchased insurance that covers cybersecurity liability, and backed up important school data offsite.

Additionally, the district educates both staff and kids on cybersecurity. Faculty and staff members are sent to cybersecurity training and take part in simulated phishing exercises. Multifactor authentication configuration and difficult password selection are lessons that are taught to students. 

“If you can prevent your employees or make them more aware, so that they do not click on those harmful emails, or respond to those types of messages, it can be just as effective, if not more, than a lot of different systems that we have,” Aina said.

Compromised private information like social security numbers, student health records and disability diagnoses, can result in days or weeks of missed school and lost instructional time for students. 

The federal government is also stepping in for a solution. Jill Biden, the first lady, Miguel Cardona, the secretary of education, and Alejandro Mayorkas, the secretary of homeland security, all served as cohosts of a recent Department of Education cybersecurity summit, where the agency unveiled a number of new initiatives and provided advice for school districts on how to deal with cyberthreats and what to do in the event of an attack.

According to Kristina Ishmael, deputy director of the Office of Educational Technology, the education department intends to create a special council made up of the federal, state, local, tribal, and territorial governments to coordinate policy and communication between the government and the education sector in order to strengthen school districts' cyber defenses. She described it as the "first step" in the department's plan to safeguard educational institutions from cybersecurity dangers and support their response to assaults.

Also, Federal Communications Commission Chairwoman Jessica Rosenworcel is planning on setting up a pilot cybersecurity program, along with the FCC’s E-Rate program, which was established in the early 1990s as a way to provide affordable internet for schools and libraries. 

The three-year pilot program will offer $200 million to schools and libraries eligible for the E-Rate program in order to hire cybersecurity experts and enhancing schools’ network security.

According to CoSN’s – a K-12 tech education advocacy group – CEO Keith Kruger, groups like the Consortium Networking, or CoSN have urged the FCC to upgrade the E-Rate program to include greater cybersecurity precautions. "We've been saying this is a five-alarm fire for the last two years," he said. 

“None of that really solves the problem that only about one in three school districts has a full-time equivalent person dedicated to cybersecurity,” he said. 

According to Kruger, school districts needs to be creative in their tactics to lure cybersecurity professionals their district need. Such strategies can involve collaborating with nearby community colleges, technical colleges, or vocational institutions to offer internships to students enrolled in cybersecurity programs.  

Role of Artificial Intelligence in Preventing Cyberattacks at K-12 Schools

 

Artificial intelligence (AI), according to cybersecurity professionals, might be a key component in averting ransomware attacks at K–12 institutions. There were roughly 1,619 ransomware assaults on school systems between 2016 and 2022, K12 Security Information Exchange (K12 SIX) stated. Sensitive information regarding kids, parents, and teachers has been made public as a result of these attacks, in addition to causing financial losses. 

A potential solution to this problem, according to Doug Levin, director of K12 SIX, is artificial intelligence. When IT staff is not accessible, he thinks AI can serve as a substitute set of eyes to keep a check on school networks. The technologies that schools already employ already include AI thanks to several manufacturers. This technology actively guards against cybercriminals trying to hack into systems and steal important data by keeping an eye on the network and taking preventative actions. 

“They’ve resulted in the publication of some incredibly sensitive information about students, about parents and about educators themselves,” explained Doug Levin. “One of the benefits of AI is that they can be that set of virtual eyes on the school networks when the IT staff are not able to do that.” 

However, Levin expressed his concerns regarding the expected high cost of implementing this cutting-edge technology into use. While AI could save schools from hiring more security-focused IT staff, the cost of these solutions might go up over time. 

The U.S. Department of Education has established a federal council to help school districts prepare for, respond to, and recover from such attacks in light of the growing threat posed by security incidents. 

Beyond the classroom, AI's potential for cybersecurity exists. It is increasingly being used to detect and prevent threats in an array of enterprises. AI can enhance security measures and offer early warnings for potential threats thanks to its capability to analyse vast quantities of data and detect patterns. 

While AI has the potential to strengthen cybersecurity defences, it is vital to continue to be on guard and prioritise cybersecurity education and training for all parties involved in the educational systems. Education institutions' level of safety can be significantly improved by better education combined with cutting-edge technologies like AI.