Back on Aug. 5, 2020, The Washington Post ran a story titled “America is about to start online learning, Round 2. For millions of students, it won’t be any better.” Here’s a quote from that article:
“’I remember people speaking of the Fourth of July as if everything would be fine by the Fourth of July, and life would be back to normal,’ said Casey Allen, superintendent of Ballard County Schools in Kentucky, which is offering parents a choice between in-person and online school.
“’Now,’ he said, ‘We will be building the plane while we fly it, on virtual learning.’”
The overall security story regarding online learning has not been good. Education Week just reported this week a story titled “Cyberattacks Disrupt Learning Even More During COVID-19“: “Cyberattacks on school districts are nothing new,” the article reads. “In fact, there have been nearly a thousand such incidents since January of 2016, according to the K-12 Cybersecurity Research Center.
“But as schools nationwide are engaged in full-time remote instruction or a hybrid of in-person and virtual learning, such attacks are arguably even more disruptive, both to students’ educational as well as social and emotional needs.”
Sadly, the virtual learning challenge is not just about delivering compelling content that keeps children (of all ages) engaged and growing in knowledge. Numerous cybersecurity incidents are derailing online lessons faster than COVID-19 outbreaks. Consider these news headlines:
- San Francisco Chronicle: “San Leandro schools stepping up online security after latest Zoombomb“
- Chicago Tribune: “Porn, guns and racism: Days into the new school year, virtual classrooms have been disrupted by hackers and pranksters“
- Hartford Public Schools: “HPS Opening Postponed“
- Cybersecurity-Journal.com: “Miami-Dade School District Hacked, Student Indicted“
- Local10.com: “Was cyberattack on Miami-Dade schools so easy a teenager could do it?“
Here’s a quote from the last article: “A distributed denial-of-service (DDOS) cyberattack is what allegedly took down online learning for Miami-Dade Public Schools early this week.
“The major looming question — why wasn’t the fourth-largest school district in the country ready for this sort of attack they say a 16-year-old pulled off?”
Universities Getting Attacked Online As Well
Meanwhile, global cyberattacks against universities have been increasing. The UK’s National Cyber Security Centre (NCSC), a cyber arm of the Government Communications Headquarters, issued a warning in the past week about the scope and impact of these threats increasing:
“This criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible,” said Paul Chichester, director of operations at the NCSC.
“While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted.”
In the U.S., the University of Utah paid more than $450,000 in a ransomware attack on its computers: “The cyber criminals encrypted about 0.02% of the data stored there before the U.‘s Information Security Office detected the attack. The university did not specify the threat, but ransomware attacks involve criminal groups that hack into and steal data; encrypt it so that its owners cannot access it; and demand payment to release the data — often threatening to release sensitive information if their demands are not met.”
Many other cyberattacks against global universities have accelerated during COVID-19, and the trend seems to be continuing as we head into the fall.
Good News On Cyber Educations from Cyber.org
In the “good news” category, DHS-funded Cyber.org held a kickoff of the development of national K-12 cybersecurity learning standards that can be used in schools and districts nationally, as no national standards currently exist. This work supports the recommendations of the recent Cybersecurity Solarium Commission report to recruit and develop the next generation of the federal cybersecurity workforce and the bipartisan PROTECT Act.
Cyber.org has convened key stakeholders across government (including CISA, NICE and NSA), industry (including Palo Alto Networks and Southwest Airlines) and education (including historically Black colleges and universities like Grambling State University and Maricopa County Regional School District) to help develop the standards, which will be available at the start of the 2021-2022 school year.
I’d love to see the Cyber.org, or another DHS/CISA project effort, also include online cyberprotections for K-12 schools and universities in their scope of effort. While there are many organizations that are working together to stop cyberattacks, including ransomware, there needs to be additional funding and coordinated resources available to help these schools ensure that content is delivered safely and that the connectivity stays available.
I am concerned that cybercriminals continue to evolve their tactics faster than the “good guys” in times of crisis, and it is not encouraging that so many problems are hampering virtual learning efforts in the midst of the pandemic.
It does show renewed efforts and resiliency are needed for cybersecurity, now more than ever before.
Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.