Alerted to the heightened threat of Russian cyberattacks against U.S. targets following the invasion of Ukraine, Seattle Public Schools have in recent weeks blocked web traffic from Russia, improved security firewall services and hired an additional antivirus company.
“The biggest problem is that schools are an easy target,” said April Mardock, the district’s cybersecurity officer. “Russia could unleash a whole bunch of attack bots, and they can do a good job of using them to attack many computers from a distance.”
Russian cyberattacks on American schools could cause serious disruption, Mardock noted.
“If schools are forced to go offline and parents can’t go to work because they have to stay home to look after their children, it could have a big impact on the local economy, the app of the law, all kinds of things,” she said. “If I was a bad guy trying to play games with the United States and using schools as a tool, I would probably try to scare parents, create a lot of fear, uncertainty and distrust to destabilize.”
School districts across the country are trying to beef up their cybersecurity after the federal government warned of potential Russian cyber threats to US critical infrastructure.
“Some school districts are taking additional steps to protect themselves, such as restricting the ability of traffic from countries other than the United States to connect to school servers,” said Doug Levin, national director of the K-12 Security Information Exchange, a non-profit organization that tracks cyber incidents affecting public schools in all 50 states.
Districts are also increasing monitoring of their networks to detect malicious traffic and attempting to share intelligence with their counterparts as well as state and federal authorities, he added.
“School districts are unlikely to be the direct targets of Russian cyber activity, but that doesn’t mean they couldn’t be enveloped in broader attacks on the United States,” Levin said.
Districts should heed the US Cyber and Infrastructure Security Agency’s “Shields Up” warning last month about the growing Russian cyber threat to organizations, including state and local governments, Levin noted.
The federal agency recommended organizations “adopt a hardened posture” and offered advice on steps to take, such as updating software, testing backup procedures and ensuring manual controls are available.
In recent years, schools have been hit hard by cybercriminals. Some districts have been victims of ransomware attacks, which hijack computer systems and hold them hostage until the victims pay a ransom or restore the system on their own.
An attack on a school district office can yield sensitive student and staff information. Districts can also be compromised if students click on phishing links or download malware onto school computers.
During the pandemic, there was a wave of attacks on school districts, many of which had switched to virtual learning. This made it easier for hackers, as staff, teachers and students often used their own devices on personal networks connected to school systems, but lacked the proper security controls.
Some districts have been forced to push back school reopening dates. Others who resumed school had to cancel classes for a day or more.
In some ransomware attacks on schools, cybercriminals have not only encrypted data and demanded a ransom, but also threatened to post sensitive student or staff information online if their extortion demand was not met. Sometimes they ended up doing just that.
In October, President Joe Biden signed legislation directing the federal cybersecurity agency to study cyber risks facing elementary and secondary schools and develop recommendations to help schools address those risks.
A March report from Levin’s group found that last year there were at least 166 publicly disclosed cyber incidents affecting 162 school districts in 38 states. For the first time, ransomware was the most common such incident, often resulting in school closures and recovery costs ranging from hundreds of thousands to millions of dollars.
In 2021, at least 62 ransomware cases were reported; in 2018, there were 11, according to Levin.
“There is every reason to expect that, in the absence of meaningful interventions, cyber incidents will continue to plague school districts, exposing members of the public to significant and preventable risks,” concludes the report.
So far this year, at least eight school districts across the United States have fallen victim to ransomware attacks, according to Brett Callow, threat analyst for cybersecurity firm Emsisoft.
Levin said districts should have cybersecurity risk management programs and adopt multi-factor authentication, a security technology that confirms identity before someone logs in, usually via a password or single-use random number sent to a smartphone or email address.
“Schools are moving slowly in this area,” he said. “But they’re looking forward to implementing it, given what’s going on.”
In Austin, Texas, where the school district requires multi-factor authentication in its finance, human relations, and technology departments, officials say they’re making sure their cybersecurity is even tighter in light of the potential Russian cyberthreat.
“A lot of ransomware groups are coming from Russia, and now they have nothing to lose,” said Maxfield Marchlewski, director of information technology security for the Austin Independent School District. “We take this very seriously.”
Marchlewski said the district’s firewall vendor has tightened IP address blocking and network firewalls.
The district also hired a company last month to perform penetration testing to scan for system vulnerabilities, according to chief technology officer Sean Brinkman. Penetration testing is a simulated cyberattack on a system performed to assess its security.
“We knew we wanted to do this before,” Brinkman said. “We finally pulled the trigger.”
Large school systems aren’t the only ones trying to beef up their cybersecurity.
In Indiana, Zionsville Community Schools, which has about 8,000 students, also took more precautions, said Dan Layton, chief innovation officer.
“Since the Russian attack, we’ve stepped up, looking for vulnerabilities,” said Layton, who also chairs the Indiana Council of Chief Technology Officers, a group of school district and college chief technology officers and information managers.
The district has begun blocking more IP addresses and continues to closely monitor any signs of ransomware, Layton said.
“We are making sure to keep our networks closed as best we can,” he said. “We have to be right 100% of the time, and a bad actor only has to be right once.”