In case you’ve somehow missed the headlines, the education systems in this country are under attack. Stow your politics, I’m talking cyber.
The latest is the 2nd largest school district in the United States — LA Unified School District was briefly taken offline and down over the Labor Day holiday, but quickly returned to function on Tuesday as kids went back to school. There were claims of a ransomware attack; however, there’s something else afoot here. But as you all know, I generally dislike speculation so I’ll leave you to read the details for yourself.
In the last 25 years I’ve worked in, with, and for various educational institutions in this great country, from faith-based education, to public primary schools, high schools, and colleges. With few exceptions, such as well-funded higher education institutions, there is something that every single one of these has in common. They’re all dramatically under-funded and under-managed when it comes to technology.
You’d think that knowing the importance of technology to the current generations of students there would be a lot of money and effort directed at technology, and hence, security. You, like me, would be wrong. Most of the schools I’ve worked with have tiny technology budgets compared to the actual need, and where they do spend money it’s on enriching the student’s ability to learn. Security pretty far down the list. What’s worse, these institutions are patchworks of ancient technology, hand-me-down laptops, donations, and half-broken things.
I’ve said for a long time that security vendors who want to test their kit in a real-world stress test should deploy to school districts across the country and see how they fare. In these places you’ll encounter a patchwork of operating systems, hardware platforms, software, and special-needs devices that make management damn near impossible — never mind security.
So why are schools a target? Pick a reason, there are so many. Criminals look at schools as soft targets to take down knowing their defenses are weak and they’ll pay up if they are taken down. Your kids’ personal information including addresses, SSN, and other identifying information is worth more on the open market because they don’t have mired credit histories yet and probably won’t look at their credit reports for a while. The reasons are many.
I log into my kids’ school’s online platform that connects me to their teachers, their school work, and other information nearly every day. Each time I do I marvel that the platform feels like it was written in the days of Office 95 and designed for Netscape Navigator 7. If you know these, you are picturing the web app in your head right now, aren’t you? How easy would it be to break in? Let’s just say it’s not something you have to be a nation-state threat actor to achieve.
I don’t envy the position of administrators in the education system. They’re caught with poorly run budgets, Unions and misguided school boards that control far too much and know far too little, and students that want to poke around. There is also a dramatic difference between private schools with big-budget spending on technology and security, and those not-so-privileged school districts where hand-me-down tech is a luxury.
At times it’s easy to get angry at the situation, and curse the criminals. The problem is we — those of us who are tax payers and parents — have a hand in this too. We need to put focus on the security of the technology that our children use in schools, keep a watchful eye on privacy, and do everything we can to make sure our children aren’t the target of online predation. Better funding isn’t enough.
So if you’re reading this, I challenge you to do what I’m doing. Go to your local school, or school district, and offer to help. You’re likely far more experienced and intelligent on cyber security matters than the administration — so help out. Offer advice, consult, work with tech companies to provide partnership and support. Tomorrow’s hope is today’s mission. Go.
By the way, if you’re on the administration side of the conversation — leave me a message directly or contact the Security Advisor Alliance. We’re an organization that can help, with experts, expertise, and a desire to train and bring our knowledge to your schools. Our mission and focus is on workforce development, but we can do so much more. It costs you literally nothing.
