US Schools Targeted for Cyberattack: Reports

Lawrence Wilson
By Lawrence Wilson
February 24, 2023US News

Cyberattacks against K–12 schools in the United States are increasing, as efforts to combat them are hampered by inadequate staffing and security procedures, as well as a lack of data collection and communication between federal agencies that oversee school security.

Phishing, ransomware, denial of service attacks, and video conference disruptions hit at least 45 U.S. school districts that operate 1,981 schools during 2022, according to Emsisoft, a maker of cybersecurity software.

The number of attacks rose sharply during COVID-19-related school shutdowns when the rapid switch to online learning technologies brought new vulnerabilities. While increasing only slightly from 2021, the number of attacks remains well above previous levels.

The rise in cyberattacks has left education officials scrambling to address the threat and, in some cases, mitigate the damage caused by breaches to their computer systems, ransom demands, and the cost of upgrading security procedures and computer equipment.

Schools a Prime Prey

Cyberattacks have been reported by schools in most states, according to the Cybersecurity and Infrastructure Security Agency (CISA). Although no central data collection system exists, CISA reported a dramatic increase in attacks during recent years using publicly available data.

The lack of a central reporting mechanism is just one reason the exact number is hard to pin down, according to Dave Hinchman, acting director of information technology and cybersecurity at the Government Accounting Office (GAO).

“There seems to be a reluctance on the part of schools to voluntarily disclose these attacks, both for fear of self-identifying as the victim but also fear of being targeted again because they’ve demonstrated that they have a certain vulnerability,” Hinchman said on the Oct. 22, 2022, edition of the podcast GAO Watchdog Report.

A laptop computer at Grant Elementary School in Los Angeles on Aug. 16, 2021. (Robyn Beck/AFP via Getty Images)

Schools are often seen as easy targets because they’re less tech-savvy and either can’t afford to—or choose not to—prioritize computer security, he said.

There’s no single motive for cyberattacks on schools. Some hackers are after money, using so-called ransomware to lock administrators out of their own system until a payment is received. Others want to steal personal data or simply disrupt school operations.

In some cases, children or teens have launched cyberattacks on their own schools, often coinciding with a test day, according to Hinchman. For example, a 16-year-old Florida student was arrested in September 2022 for allegedly conducting several cyberattacks on Miami-Dade County Public Schools, where the teen was enrolled.

In the UK, a 2022 report by the National Crime Agency found that children as young as 9 had launched denial of service attacks on schools.

Learning disruptions from cyberattacks have ranged from three days to three weeks, and recovery time took up to nine months, according to the GAO, which reported on the problem in November 2022.

Some of the nation’s largest school districts have been targeted.

The Los Angeles Unified School District, which serves more than 500,000 students, was attacked by ransomware in September 2022. After the district refused to pay the ransom, the hackers released a large quantity of information from the district’s computers.

A cyberattack on a vendor serving Chicago Public Schools resulted in the disclosure of the personal information of 500,000 students and staff members in 2021.

A November 2020 phishing attack on Baltimore County Public Schools disrupted the school system’s website and remote learning programs for several days, costing taxpayers nearly $10 million in recovery costs and system upgrades, according to Maryland’s Government Accounting Office for Education.

Smaller districts have been hacked as well.

A 2021 attack on Indiana’s Duneland Schools, a district of about 5,000 students, focused on employee data that included birthdates, Social Security numbers, driver’s license numbers, and benefits information.

The U.S. Department of Education building in Washington on July 21, 2007. (Saul Loeb/AFP via Getty Images)

Michigan’s South Redford School District was closed for two days in September 2022 after system administrators discovered a breach in the school’s computer system.

Action, Coordination Needed

Two problems make U.S. schools vulnerable to repeated attacks: lack of action by local administrators and lack of coordination among federal and local agencies.

“Cybersecurity risk management must be elevated as a top priority for administrators, superintendents, and other leaders at every K–12 institution,” CISA said in a January 2022 report.

Given the fact that school districts usually operate on a tight budget, that requires a coordinated effort, according to the report.

“Leaders must take creative approaches to securing necessary resources, including leveraging available grant programs, working with technology providers to benefit from low-cost services and products that are secure by design and default, and urgently reducing the security burden by migrating to secure cloud environments and trusted managed services.”

CISA has published an Online Toolkit to help school administrators address the threat of cyberattacks.

CISA, the U.S. Department of Education, and the FBI each play a role at the federal level in ensuring the security of the nation’s schools, but they don’t collaborate enough with each other or with school districts, according to the GAO.

“The biggest issue we found is that there needs to be better coordination between the federal level and the actual K–12 organizations,” Hinchman said. “There’s very little actual direct interaction between the agencies or with the K–12 community.”

One reason for that is the lack of any organizational structure to bring the various stakeholders together.

“Our report recommends that a collaborative mechanism, such as a coordination council, be created to achieve these goals,” Hinchman said. “We think that such a council would prove to be a really valuable tool for facilitating better communication and coordination among federal agencies and with the K–12 community.”

From The Epoch Times

ntd newsletter icon
Sign up for NTD Daily
What you need to know, summarized in one email.
Stay informed with accurate news you can trust.
By registering for the newsletter, you agree to the Privacy Policy.