October 2021
In the spring of 2019, my school district experienced intermittent network disruptions over three weeks, with issues more concentrated during that last week. Unfortunately, that last week also happened to be the week our district was administering benchmark assessment tests to students.
The district’s network administrator worked with our internet service provider (ISP), and through a close review and analysis of the network traffic data and logs, it was determined that our district was under a distributed denial-of-service (DDoS) attack, which is a malicious attempt to disrupt normal traffic to a web property.
As investigations of the network issues continued, we analyzed the online activity as captured by our content filter of several students that had been suspected of online mischief in the recent past. We discovered that the online activity — websites visited and Google searches conducted — matched the district’s internet service outages. Each time a DDoS attack happened during the school day, it coincided with the student conducting a Google search with the keywords “What is my IP.” Through further discovery, we found that the attacks were coming from a server in Belize and that the student’s past Google searches connected the student to this particular company that would be paid to enact DDoS attacks on a provided public IP address.
After this experience, our network team reflected on incident response. We concluded that it was time for the district to invest time and energy in determining risks to our systems to build protection and develop incident response checklists to assist with investigations.
Furthermore, our team felt the deep need to conduct drills for essential areas like disaster recovery.
As the technology department director, I turned to professional organizations like the Consortium for School Networking and our local chapter of the Illinois Educational Technology Leadership Association to research industry practices and access cybersecurity self-assessments or other template data security plans that districts could use to build solid approaches to cybersecurity.
Cybersecurity and data protection have been the recent focus of many school districts among our cohort and across the nation. It especially hit close to home when nearby districts endured ransomware attacks or were targets of spear-phishing. With situations like the one our district experienced or reading news about other organizations and companies living through these attacks, the landscape has changed from mere awareness of these types of incidents to developing action plans to protect valuable network resources and services.
The technology ecosystem has become our lifeblood in education. As leaders in our organizations, we feel responsible for ensuring that proper steps are taken to mitigate security compromises and practice a higher level of prevention.
After assessing our current state of cybersecurity, identifying areas for improvement and vulnerabilities, we built a roadmap for our next steps. We discovered that we needed to further secure our infrastructure beyond firewalls as a small district with entry-level support staff. For this reason, we proceeded to partner with a managed service provider (MSP), EMPIST. The MSP provides us 24/7 year-round monitoring and maintenance to support our team. Additionally, the MSP can eliminate any cybersecurity or lagging threats before they harm our business environment by leveraging tools to monitor and detect irregular behaviors and mitigate them.
With some peace of mind, we were able to work with our MSP to define our roadmap further. Using the National Institute of Standards and Technology (NIST) Framework and completing CoSN’s Peer Review, we were able to gain insights into our strengths and areas for growth. In our initial stages, we accessed our network and systems to identify any immediate needs and vulnerabilities. Upon identifying these vulnerabilities, we prioritized our work for a flexible architecture to support the changing educational environment. Next, we proceeded with the consolidation of servers and switches. We then worked to consolidate backups and secure these both internally and externally. Finally, we looked to reconfigure the network and virtual local area networks (VLANs) for better access and visibility at all sites.
In the second phase of our security roadmap, we anticipate installing endpoint antivirus and identifying user access vulnerabilities. Once these vulnerabilities are identified, we will work to create access charts for these systems and applications. We are also planning to optimize our operations by implementing management tools that provide full access and control of the network and end-user devices. Such tools will also provide real-time analytics to our systems.
In the third phase of our roadmap, we will focus our efforts on responding to vulnerabilities and intrusions by verifying our cybersecurity insurance coverage, requirements, and compliance with policies and regulations.
While these are items we continuously review and reflect upon, we will more closely examine the policies during this phase. For instance, one of the areas we plan to focus on is documenting and formalizing an incident response plan with templates in the event that we experience an intrusion and need to take action. We will also further identify the data we collect and store it during this stage, including any recovery data. With these items in place, we would recover from a breach with minimal data loss and anticipate a significant reduction in downtime.
Beyond properly equipping our staff responsible for cybersecurity, we must not forget to bring awareness of our security roadmap and the steps we are taking to mitigate risk to employees and vendors across the entire organization. Awareness about data privacy policies, compliance with regulations and knowledge of the threats that target end-users are critical components to deepen everyone’s understanding of countering cyberattacks.
At our district, we support this need to communicate such information with employees through committee work, newsletters and annual training to all staff. A tool we utilize for our routine training and phishing campaigns is KnowBe4. Through KnowBe4’s campaigns, we provide security awareness training to help reduce security problems of social engineering, spear-phishing and ransomware attacks.
Our roadmap does not end yet. Instead, we cycle back to the beginning, re-audit our systems and make adjustments as vulnerabilities and systems progress and age with time. The process is evolving as we continually seek to pivot in a constantly changing world of technology. As school leaders in the IT world, we must have the mindset that it is acceptable to seek support in sharing our experiences, growing our workforce and securing our systems and data from the unexpected. We are also not just in the business of security, but also in educating a digital citizenry and in navigating the wild frontier of cybersecurity for our school districts.
The priority of school districts has always been on the teaching staff, and rightfully so. The majority of school district staffing and budgets are concentrated on educators, administrators and support staff that tie directly into the activities of the classroom. For a long time, a school district technology department could be barebones where individual IT staff could wear many different hats. As the internet and the digital world have grown, so has the complexity of supporting online environments and keeping them secure.
Over the last decade or so, there has been a realization that with our growing dependence on technology to do the things we do in education, there is also an increased demand for skilled and talented IT professionals to support the network infrastructure and online operations. Layered into this is the expanding concern regarding data privacy and cybersecurity. As a result, it is imperative that school leadership seriously consider investing budgets into staffing technology departments appropriately with increased technical skills in specialty areas like cybersecurity. But with non-profit wallets, this is a challenge that weighs heavy on the minds of school leadership trying to compete with corporate job markets that have deeper financial pockets.
Oftentimes, IT positions in school districts provide entry to those seeking to build their technical skills and experience. Thus, IT professionals can get their feet wet in applying what they have learned in the sterile setting of a classroom to the realities of a living and breathing IT infrastructure and dynamic user encounters. However, a school district’s ongoing challenge is retaining those IT professionals that the district has poured time, energy and resources into within a generally flat organizational chart. Therefore, the phenomenon that occurs is that IT professionals then find their career next steps by moving to a fellow district.
While this is the overarching movement in the education job market for IT professionals, school leadership can look to professional organizations to grow an IT and cybersecurity workforce as a collective rather than competing in silos with each district fending for themselves. When professional organizations organize training and collegial discussions amongst job-alikes making the “smartest in the room” the room itself, this can grow an IT workforce across school districts rather than keeping the burden of retention on individual districts. This process should then minimize the negative impact of IT professionals moving from district to district.
Even beyond nurturing a robust workforce, there still is an optimism to be upheld as school districts seek out IT professionals from the industry at large with straining budgets. President Kennedy famously said, “Ask not what your country can do for you, but what you can do for your country.” In my years as technology director, I would have to say that what the field of education can offer an IT professional is a sense of personal fulfillment in giving back to our communities. This value is not assessed in dollars, but in the betterment of others and an investment into the future through the education of our students.
October 2021 | securitymagazine.com