WASHINGTON– Some K-12 public schools are rushing to improve protection against the threat of online attacks, but lax cybersecurity means thousands of others are vulnerable to ransomware gangs that can steal sensitive data and disrupt operations.
Since a White House conference in August on ransomware threats, dozens of school districts have signed up for free cybersecurity services and federal officials have hosted exercises with schools to help them learn how to better protect their networks, Anne Neuberger said, deputy director of the Biden administration. national security advisor for cyber and emerging technologies.
Neuberger said more districts need to take advantage of available programs that would better protect against online attackers who increasingly target schools. His goal is to lock down computer systems and, in some cases, steal and publish sensitive personal information if a ransom is not paid.
“Compromise happens again and again, often in the same way, and there are defenses to protect against it. And here the government has really brought companies together, brought agencies together to implement some of them,» Neuberger said in an interview. «Don’t give up. Reach out and register. And your children will be much safer online.»
The administration announced measures over the summer to help cash-strapped schools, which have been slow to develop cybersecurity defenses. Ransomware attackers, many of whom are based in Russia, have not only forced schools to temporarily close but have exposed a large amount of students’ private information.
Last month, parents sued the Clark County School District in Nevada, alleging that a ransomware attack led to the disclosure of highly sensitive information about teachers, students and their families in the nation’s fifth-largest school district. In another high-profile case this year, hackers broke into the Minneapolis Public Schools system and dumped sexual assault case records and other confidential files online after the district refused to pay a $1 million dollars ransom .
More than 9,000 small public school districts in the United States with up to 2,500 students (that’s about 70 percent of the country’s public districts) are now eligible to receive free cybersecurity services from web security company Cloudflare through a new program called Project Cybersafe Schools, Neuberger saying. Since August, about 140 districts in 32 states have enrolled in the program, which provides free email security and other protections against online threats, he said.
James Hatz, technology coordinator for Rush City Public Schools in Minnesota, said the program came just in time for his district, quickly preventing 100 suspicious emails from reaching staff. Hatz said cybercriminals often try to get teachers to click on malicious links by posing as an administrator sharing documents on topics such as salary increases.
«We’re not going to be bulletproof, but the more we can do to make it harder, the better the user training, this program and everything else will be,» Hatz said.
Neuberger also said a $20 million grant program from Amazon Web Services that is designed to help schools improve their cybersecurity has received about 130 applications.
The Federal Communications Commission has also proposed a pilot program that would make up to $200 million available over three years to strengthen cyber defense in schools and libraries. Neuberger said the hope is that the money will be available to schools in the “near future.”
But Doug Levin, director of K12 Security Information eXchange, a Virginia-based nonprofit that helps schools defend against cybersecurity risks, said he fears attacks on schools will continue to grow in both frequency and scope seriousness without more support and federal requirements than the schools have basic cybersecurity controls.
“Most have not sufficiently funded their IT functions. They do not have cybersecurity experts on staff. And cybercriminals increasingly see them as an easy target,» Levin said. «So, ultimately, I think the federal government is going to have to do more.»
