According to district officials, the cause of the disruption was due to malware. The malicious code was used to disrupt, damage and gain unauthorized access to the computer systems, severely impacted the ability to provide online instruction. According to ABC News, the incident has affected all mobile computing equipment issued out to students.
District spokeswoman Syeda Jafri is quoted as sating that ]staff from the education information technology department are working “day and night” in order to resolve the crisis. The civil servant has reiterated that students who have been assigned devices that are linked to the district’s server to cease using them.
Jafri says: “Honestly, our response right now is to make sure that we understand the sensitivity of this situation — there are so many unknowns so we need to be careful.”
Looking into the issue for Digital Journal is Cath Goulding, CISO at Nominet who says that the education sector remains a prime target for bad actors: “It is unsurprising to see that hackers have targeted the education sector. With remote learning increasing, and more reliance on IT infrastructure than ever before, it was only a matter of time until more schools made the criminals’ hit list. The FBI had previously issued a statement to schools warning of this risk.
Goulding adds that the rapid shift towards e-learning, as a consequence of the coronavirus pandemic, has been instrumental in vulnerabilities appearing. Goulding adds: “The move to remote learning has happened at breakneck speed. Digital transformation that would have usually taken months has happened in weeks and schools are most likely still grappling with the risks. Protecting the education sector will require collaboration between the schools themselves and the various layers of federal and state governments. There will be a degree of educating the educators on the cyber security threats they will face.
In terms of lessons be learned, Goulding sets out some recommendations: “As school districts come to terms with remote learning practices, the government needs to ensure that there is a sufficient breadth of security, so that the smallest schools to the largest institutions will be protected from these attacks.”
In terms of achieving this, Goulding says: This can be done by pooling information and resources so that the smaller institutions can benefit from a scale of know-how and defence that they would find difficult to match operating independently. Much of this protection surrounds basic cyber hygiene, but it can appear a daunting task without tried and tested methods and tactics to implement across an organisation. The education sector is a vital part of any country, and ensuring that it can continue to function in these times is vital.”
