Just two weeks into the school year, the Rialto schools in California had to shut down virtual instruction for a week due to a malware attack.
Designed to disrupt or gain access to a school’s network, the malware attack also forced the 25,500-student district to collect–and fix–thousands of school-issued digital devices. Staffers wore masks and gloves as they worked, to protect themselves from potential COVID-19 infection.
Cyberattacks on school districts are nothing new. In fact, there have been nearly a thousand such incidents since January of 2016, according to the K-12 Cybersecurity Research Center.
But, as schools nationwide are engaged in full-time remote instruction or a hybrid of in-person and virtual learning, such attacks are arguably even more disruptive, both to students’ educational as well as social and emotional needs.
“I thought to myself, why would somebody do this to students? They are already going through so much,” said Syeda Jafri, a spokeswoman for the Rialto district. She noted that many children in the district had lost a relative to the virus or had someone close to them get very sick. “COVID is disheartening enough for children. It’s just one more layer of chaos that could have been eliminated.”
What’s more, with so many students taking classes only from home, a cyberattack can have an outsized impact on schooling.
“If a school experiences a cyber incident and even a significant one in normal times, you still have a teacher in the classroom with students,” said Doug Levin, the founder and president of the K-12 Cybersecurity Resource Center. In that scenario, teachers “may not be able to follow their lesson plan, but can still do valuable things with that time. But if a cyber incident occurs in times of remote learning, the loss of that online access stops teaching and learning in its tracks.”
Plus, cyberattacks compound what is already a tense and difficult time for schools. “Everybody is on edge and has very little tolerance for these sorts of disruptions,” Levin said.
Not only are cyberattacks more troublesome at a time when virtual learning is at its peak, they appear to be on the rise since the beginning of this school year, said Levin, who has been tracking cyberattacks on schools since early 2016.
So far, there have been 220 attacks for the 2020 calendar year, compared with 348 for the full 2019 calendar year. But the start of the school year is bringing a wave of new disruptions, Levin said. “The cyber hackers are back at work,” he said. “Since Aug. 1, I’m seeing a spike for sure.”
This school year, Levin says, there have been, on average, two hacks a day. That’s unusually high, even for the start of a school year, when hacks tend to spike, he added.
Preparing for Cyberattacks
So how can school districts prepare for the possibility of an attack?
Levin suggested including not just IT staff, but the legal counsel and public relations department in creating a plan for how to handle a cyberattack. Districts should also know who their law enforcement contacts are, and consider having a cybersecurity firm on retainer that can help with recovery and forensics.
And he suggests that districts advocate for resources to help build up their IT capacity, team up with nonprofits for cyber security monitoring, and partner with other school systems.
Communicating clearly with parents, teachers, and the community is also key, said Patty Mazur, a spokeswoman for the 25,000-student Toledo school district in Ohio, which experienced an attack on Sept. 8, the first day of school. At the time, teachers were working from their classrooms in school buildings, while students were home, online.
The district recognized almost immediately that something was up.
“Around noon, we started hearing from schools that were losing their internet connection,” said Mazur. Some teachers were able to continue instruction using hotspots, but many had to stop teaching.
The district quickly launched a forensic search of its computer system. The pause in learning was relatively short-lived, with classes fully back online about a day and a half later. The district also contacted the FBI, which is looking into the attack, Mazur said.
“It was just one more challenge that COVID-19 has put in our paths for getting ready for the 2020-21 school year,” Mazur said. Her advice to other districts: Put out crisp, accurate information on the problem for the public. “Stay on top of it, be upfront,” and be sure that you have all the facts straight, so that you don’t have to backtrack, she said.
‘It Is Disheartening’
In Connecticut, the 18,000-student Hartford Public Schools had planned to open on Sept. 8, for both in-person and online instruction. But the district suffered a malware attack that disrupted the system the district uses to communicate transportation routes with its bus company, Leslie Torres-Rodriguez, the district superintendent, told NBC Connecticut. The district’s learning management system wasn’t affected, she said. Hartford was able to resume classes the following day.
Sometimes, students are behind the attacks. That was the case in Miami-Dade, the nation’s fourth largest district, which experienced a spate of technical glitches in its first week of instruction, beginning Aug. 31. A 16-year-old student used an online application to carry out the attacks and has been charged in connection with them, according to a statement from the 345,000-student district.
“It is disheartening that one of our own students has admitted to intentionally causing this kind of disruption,” said Superintendent of Schools Alberto M. Carvalho in a statement.
And in Virginia, the state’s largest system, Fairfax County Schools, was hacked this month. The attackers are asking for a ransom payment. They have threatened to disclose personal information, including student disciplinary records and grades, according to WRC-TV in Washington. The 187,000-student school system is working with law enforcement to resolve the problem.
Smaller districts haven’t been immune from cyberattacks, either. The 7,000-student Haywood school district in North Carolina’s Appalachian Mountains had to pause its all-virtual instruction for a week, due to an attack that is now under federal investigation.
The superintendent, Bill Nolte, suggests that districts make sure their networks are in good shape before an attack happens, since that will make an attack easier to fix. And he urges districts to “call on every available resource”–local, state, and federal–to fix the problem.
“Things happen and the question is: how do you respond?” he asked.