Privacy & Security

Schools Aren’t Doing Enough to Protect Their Networks, Top Cybersecurity Official Warns

By Mark Lieberman — December 03, 2020 3 min read
Images shows a symbolic lock on a technical background.
  • Save to favorites
  • Print

The nation’s top cybersecurity official during a Senate hearing Wednesday urged K-12 schools to take advantage of federal resources for safeguarding their networks and lamented that only a small fraction of schools have done so.

Only 2,000 of the 13,000 U.S. school districts have signed up for free membership in the Multi-State Information Sharing & Analysis Center, which offers government organizations, including school systems, network vulnerability assessment, cyberthreat alerts and other related services. Only about 120 schools are using a no-cost federal service called “malicious domain blocking,” which helps prevent IT systems from connecting to harmful web domains.

Those numbers were shared during a U.S. Senate subcommittee hearing Wednesday afternoon by Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, a standalone federal agency overseen by the U.S. Department of Homeland Security.

“How do we build a national community with the school districts to get them focused on the security aspects related to their networks that are not going to go away even after the pandemic is over?” Wales said.

Even a minimal effort to strengthen cybersecurity could make a big difference for a school district or other government organization, Wales said.

“Ransomware operators are looking to make money quickly, and they are going to look for whoever is the most vulnerable,” he said. “With the bare minimum level of cybersecurity, there is a good chance that the ransomware operator is going to go on to the next victim.”

Wales assumed leadership duties at CISA on Nov. 17 after President Trump fired Christopher Krebs, the agency’s director. Krebs had raised Trump’s hackles earlier in November with a statement affirming the integrity and security of the 2020 presidential election, which Trump lost but has refused to concede.

U.S. Sen. Maggie Hassan, D-N.H., who organized the hearing, said the urgency has “never been greater” for stronger federal support for cybersecurity. Possible solutions, she said, include a grant program for state and local governments and improved information-sharing between the federal government and schools.

The hearing also included comments from Leslie Torres-Rodriguez, the superintendent of the Hartford school district in Connecticut. She delayed the start of the school year by one day in September after a ransomware attack temporarily shut down crucial systems, including the district’s transportation network.

“Two weeks later, our systems were still not yet fully operational and the costs to address this problem, financially and in resources and staff time, have been significant,” Torres-Rodriguez wrote in her prepared testimony.

The district is now in the process of restoring more than 70 terabytes of data, which has entailed shutting down all servers and drawing from backups.

Perhaps even more debilitating, the cyberattack also required the district to restore to factory settings every digital device that had been connected to the network at the time, Torres-Rodriguez wrote. The district had planned to distribute one laptop for every student in the district, but instead had to divert many of those devices to staff members, delaying efforts to ensure every student can access schoolwork during part- or full-time remote learning.

“We serve communities that have concentrated levels of need,” Torres-Rodriguez said during the hearing. “Every minute, every day matters to us in terms of having access to instruction and other social emotional supports.”

Hartford is one of many districts, small and large alike, that have seen the daunting task of maintaining instruction during a devastating pandemic further impeded by cybersecurity threats. Schools in Baltimore County resumed instruction Wednesday after three academic days were canceled due to a “catastrophic” hack. Huntsville City Schools in Alabama have suspended classes and sent on-campus students home for the rest of the week after an apparent ransomware attack.

For more on the cybersecurity challenges schools are facing, read Education Week’s coverage from earlier this week, and its special report on the topic from earlier this year.

Related Tags:

A version of this news article first appeared in the Digital Education blog.

Events

Special Education Webinar Reading, Dyslexia, and Equity: Best Practices for Addressing a Threefold Challenge
Learn about proven strategies for instruction and intervention that support students with dyslexia.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Families & the Community Webinar
How Whole-Child Student Data Can Strengthen Family Connections
Learn how district leaders can use these actionable strategies to increase family engagement in their student’s education and boost their academic achievement.
Content provided by Panorama Education
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
College & Workforce Readiness Webinar
The School to Workforce Gap: How Are Schools Setting Students Up For Life & Lifestyle Success?
Hear from education and business leaders on how schools are preparing students for their leap into the workforce.
Content provided by Find Your Grind

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Privacy & Security Quiz
Quiz Yourself: How Much Do You Know About Digital Threats on Student Devices?
Answer 8 questions to assess your knowledge of digital threats on student devices.
Content provided by Lenovo
Privacy & Security School Facebook Pages and Privacy Concerns: What Educators Need to Know
Facebook pages can build an online school community and boost school spirit. But they can pose serious problems for student privacy.
4 min read
All seeing eyes watching a boy on his laptop as he sits at the top of a giant staircase that resembles the Facebook thumbs up icon.
Illustration by Gina Tomko/Education Week and Getty
Privacy & Security Education Dept. Slow to Recognize Seriousness of Cyberattacks, GAO Watchdog Report Finds
The federal government has largely dropped the ball on some key steps to help schools prevent and deal with cyberattacks.
3 min read
 abstract digital key with technology interface, cybersecurity, key, lock, cellphone, fingerprint, and cloud computing icons
iStock/Getty Images Plus