Ransomware in Schools: White House Wants Action NOW
Biden administration hosts summit; bangs heads together from government, school districts and industry.
Ransomware scrotes attacking public schools is a huge problem. And it’s getting worse—especially in primary and secondary schools. The White House says it’s “taking additional action and committing resources to strengthen the cybersecurity of the nation’s K-12 school systems.”
But where’s the money coming from? In today’s SB Blogwatch, we wonder if localism works.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Dialectic.
Don’t Make Me Tap the Sign
What’s the craic? Frank Bajak reports—“White House holds first-ever summit …”:
“Five-alarm fire”
… on the ransomware attacks plaguing U.S. schools, in which criminal hackers have dumped online sensitive student data, including medical records, psychiatric evaluations and even sexual assault reports. … At least 48 districts have been hit by ransomware attacks this year — already three more than in all of 2022. … All but 10 had data stolen.
…
More than 1.2 million students were affected in 2020 alone — with lost learning ranging from three days to three weeks. Nearly one in three U.S. districts had been breached by the end of 2021. … Homeland Security Secretary Alejandro Mayorkas [urged] educators to avail themselves of federal resources already available.
…
A pilot proposed by Federal Communications Commission chair Jessica Rosenworcel … would make $200 million available over three years to strengthen cyber defense in schools and libraries. [But] “That’s a drop in the bucket,” said Keith Krueger, CEO of the nonprofit Consortium for School Networking, [and] that the ransomware attacks plaguing the nation’s 1,300 public school districts are “a five-alarm fire.”
For example, let’s turn to Carly Page—“Colorado warns hackers stole 16 years of public school data”:
“Spate of ransom attacks”
The Colorado Department of Higher Education (CDHE) confirmed it experienced a ransomware incident that saw hackers access and copy data from its systems. … Those affected may include individuals who attended public … education institutions in Colorado … between 2004 and 2020. [It] likely encompasses a large number of individuals. The department said it plans to notify those affected.
…
Colorado has suffered a spate of ransom attacks in recent weeks. Colorado State University (CSU) confirmed last month that the Clop ransomware gang had stolen sensitive personal information belonging to current and former students and employees during the recent MOVEit mass hacks.
Why? And why now? Sam Sabin explains—“White House unveils its plan”:
“Lack of funding”
The White House estimates that at least eight K-12 school districts faced “significant cyberattacks” last school year. Four of those schools had to at least cancel classes as they responded to the attacks
…
Schools have struggled to improve their cyber defense postures due to a lack of funding and buy-in from district administrators trying to juggle other priorities. [So] the new plan pulls in resources from the public and private sectors to make it easier for schools to access better cybersecurity tools. [But] none of them mandates that schools participate.
Show me the money. Dave cuts to the chase:
State and local governments have low pay scales and fail to hire the best people. State and local governments don’t want to spend any money on security.
Sounds like a “you can’t get there from here” answer. laughingskeptic suggests where the problem lies:
Running one public school district should be pretty much the same as running another. Yet every school district has its own unique collection of software tools, processes and procedures.
…
Why are all of these districts on their own when it comes to buying and configuring technology? The way we go about this is completely nuts. We need School Tech as a Service (STaaS) to support our school districts.
Is it time to blame Microsoft yet? u/bitfriend6 thinks so:
Just stop using Windows. … Microsoft has provided a knowingly bad product and society tolerated it because it was cheap, available, and ran out of the box.
…
Alternatively, we can just have our schools periodically shut down completely when the school server is hacked and drops all the students’ [PII] onto the Russian government. Having your child’s name be used to obtain credit cards and payday loans to fuel a violent war against us isn’t funny—and that is when people stop trusting the government entirely.
Good luck with that idea. Jason paints a picture:
At the last school district I worked for, the security was, “Just make it work,” built around the district leadership who were—well—”luddites” to put it politely. Security for them was reflashing all the lab computers so students couldn’t leave anything on them.
How come? u/Civil_Disgrace has a neat answer:
Executives in charge of the purse strings don’t make it a priority—and use hope as a strategy.
Meanwhile, drew_92123 thinks out of the box:
Ummm, how about: … Just stop putting computers with sensitive student data on the ****ing internet, like morons. Solving the problem really is that easy.
And Finally:
I don’t care to say #4 is my favorite
CW: Slavery, kidnapping, bloody Vikings
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: Renan Kamikoga (via Unsplash; leveled and cropped)
