“Hey, I am director of a school and I forgot my password,” said the voice. “Can you help me?”
The call entered an assistance service in the Beaverton school district in Oregon. City of the Metropolitan region of Portland, Beaverton is home to a Nike factory and is the site of To come extensions for the manufacture of semiconductorsFunded by federal dollars under the flea law. In all, around 40,000 students attend the district.
The appellant was looking for a way to get around multi-factory authentication, a safety protocol that requires two forms of identification. The school said it years ago to avoid attacks. But hackers have become more sophisticated and their attempts to penetrate more frequent systems, explains Steven Langford, information director for Beaverton.
The scam was frustrated, thanks to the security protocols on which the staff was trained. But that is part of a trend. During the last month, the district received a number of cybercriminal phishing calls for information that would exhibit school data. Without constant vigilance, the staff, wishing to be useful, could hand over information sensitive to the crooks which seem legitimate. The threat can also worsen. It cools Langford to think about how AI could change voices or write finer scripts. This is something they have to stay in front of.
Those who go after schools are after money in any way possible, explains Doug Levin, national director of K12 Security Information Exchange. Often this means extortion, largely from Russian cyber gangs. For example, an attacker will slide the data from a school, then lock the school of his computers, demanding money to unlock computers and not publish the data. Or sometimes they jump that and simply focus on the data. When schools do not play ball, attackers will sell data on a dark web market or do not suck the data online so that identity thieves can take it back. They also crooked school employees via phishing emails that make them give up access to information or even send gift cards, says Levin. Recently, they started to target the sellers who also work with schools, because through them, hackers can have access to school systems on a national scale.
In fact, cyber attacks against schools are increasing across the country. Last year, 82% of K-12 schools declared a cyber-incident, according to a recent estimate. Cybersecurity experts are now afraid that cuts to certain federal programs threaten to make the protection work of data from students more difficult by tearing training and important security signals.
Blind
School districts seem to understand the importance of cybersecurity problems, explains Levin, from K12 Security Information Exchange. There are also more cybersecurity companies that include the unique context of schools and offer more affordable prices for schools. But hope was that federal participation would help better educate the leaders of school systems on the risks they take with technology, because it is common for superintendents – who have a range of other concerns, including physical security – to consider cybersecurity as a technical problem. They underestimate the threat, says Levin.
Schools are not prepared for the lack of federal support. The search for an association shows that 73 percent of school Edtech leaders say that the confidentiality of students' data is not listed in the From their description of position and 17% have never received a relevant training in confidentiality. Many were on the federal government to develop Edtech or IA policies.
Some states have prompted schools to be more vigilant. But overall, schools do not necessarily have the resources or support they need. In fact, many school districts do not even have the capacity to take advantage of the support already offered, the small districts tending to rely on third -party support, says Levin.
Under Trump, the federal situation has also become more complicated.
Several key advisory groups have dissolved. The CISA K-12 cybersecurity advisory committee, as well as all the other committees of the Ministry of Internal Security, have been rejected. The Coordination Council of the Cybersecurity Government of the Department of Education, a group of coordinates, a group of stakeholders on which the programs schools count, also seem to be missing, even for its members. Although no official notice has declared it closed, all activity has stopped. “We were essentially ghosts,” explains Levin, who was involved in the group. There is therefore no coordinated communication on cybersecurity trends for schools, he adds.
The Education Technology Office, which offered advice to districts, also was the victim of the federal cuts.
A remaining source of federal support is the cybersecurity and infrastructure security agency, which helps schools respond to data ransomers. But the agency has undergone cuts and could lose as much asA third of its staff. There is also the Center for the Sharing and Analysis of Multiple Information, which schools consult for cybersecurity information and services. But this group too has lost significant funding.
For the moment, these programs allow districts to obtain training and indices on the threats to be sought. “It is a bit like a vaccine, where we all win this immunity from the herd by having shared information that moves transparent from the agency to the agency,” explains Jim Corns, executive director of information technology for Baltimore public schools. When a school is attacked, others are alerted and accumulate their defenses.
Schools find it reassuring.
In 2020, Baltimore underwent a massive cyber attack. At the time, the country's schools were less coordinated in their technological infrastructure. They operated independently, said Cors. If they had the resources they were doing now, it would have helped the district to set up better guarantees, says Corns.
These days, Baltimore public schools regularly receive updates by e-mail from the Maryland Information and Analysis Center, and the two federal programs whose future is uncertain, the cybersecurity and infrastructure security agency and the Center for Multiple Information Share. E-mail alerts warn which IP addresses have been linked to recent and vital security attacks and other information. Schools can then proactively block dangerous email and IP addresses, avoiding attacks. Networks also offer districts training in best safety practices.
Cors are afraid of losing these safety benefits.
After the 2020 attack, the Baltimore district moved the storage of data on suppliers. But this strategy is also not free from danger, as a recent violation in Powerschool, one of the most omnipresent student information systems in the country, proves. After the pirates obtained the password of a Powerschool employee, they accessed the data for millions of students, according to an investigation by cybersecurity company Crowdsstrike. CORNS says that Baltimore County public schools have not been affected by violation, but the incident stresses that data protection now also means ensuring that suppliers follow best practices.
Cups in cybersecurity protection systems may have great implications.
“These federal cuts are short -sighted and will be immediately harmful to students, educators and families,” Keith Krueger, CEO of the non -profit organization of the consortium for School Networking, in Edsurge.
Beyond exposing schools to the attack, Krueger argues that the cuts could even accelerate the inequalities of education. Rural districts, schools serving students and low -income states that have not yet issued advice on how to manage Edtech or AI are most at risk. Without federal guidelines, these vulnerable districts will find it difficult for the protection of school networks to the use of new technologies in an ethical and efficient manner, known as Krueger. Wealthy districts are better able to operate without federal support. These lucky schools will continue to make progress, deepening inequalities while they go beyond districts in difficulty.
Certainly uncertain
In cybersecurity, the districts now operate in darkness.
Unlike many other districts, Beaverton has a dedicated cybersecurity team. However, it is based on federal information to strengthen the defenses. Indeed, the services provided by MS-ISAC and Cisa help Beaverton to identify threats and they provide information to better defend themselves against cyber-starts.
But they have already lost access to webinaries that informed them of the threats that arose across the country, according to Langford. This leaves staff to dig up the information themselves, support their time and incur additional costs.
It is not difficult to know if other vital resources will continue.
In particular, the district finds weekly analyzes that expose potential vulnerabilities and identify critical malicious threats, says Langford. These IP addresses report which could try to collect passwords or install malware. Once the cyber team has this area, it can block it, which means that even if a phishing email had to sneak, it would not work, adds Langford.
But the uncertain future of these warning systems and others leaves the districts like Beaverton to worry about the exposure of student data. “We are living in the unknown right now,” says Langford.
