{"id":60434,"date":"2014-01-30T22:22:58","date_gmt":"2014-01-31T03:22:58","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2021-08-26T13:02:58","modified_gmt":"2021-08-26T17:02:58","slug":"cyber-attacks-on-schools","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/cyber-attacks-on-schools\/","title":{"rendered":"Cyber Attacks on Schools"},"content":{"rendered":"

\"Cyber<\/a>Cloud services<\/strong> and data-management systems are multiplying in the edu market. Schools, districts, and states are using online networks to store student data<\/strong> such as records PII, medical records<\/strong>, attendance, and grades. Putting all of this data online is scary enough, these systems are designed to allow parents (and attackers<\/em>) to get to data from a home PC.<\/p>\n

More convenient for teachers and parents<\/h3>\n

\"vulnerable<\/a>Education Week<\/em><\/a> explains<\/a> that the switch to online data is often more convenient for teachers and parents. But these changes can also make state agencies, districts, and schools vulnerable to cyber attacks<\/strong>. The author cites the August 2013 DDoS<\/a> attack on the Kentucky Department of Education’s<\/a> statewide\u00a0Infinite Campus<\/a> information network as a precursor of things to come. The Kentucky<\/a> agency was able to fight off the DDoS attack before any data was compromised but school DDoS attacks<\/strong> are occurring more often as they get easier to execute. David Couch the Kentucky Department of Education’s chief information officer said.<\/p>\n

What I understand from what I’ve seen is that [DDoS attacks <\/em>are] a <\/em>commonality now … I think most organizations have to add to their tool suite a w<\/em>ay to detect them.<\/em><\/p>\n

Online attacks<\/h3>\n

\"DDoS<\/a>GCN<\/a><\/em> reports<\/a> another edu DDoS attack. <\/strong>This one is on OnCourse Systems for<\/a> Education a SaaS<\/strong> that provides software services to K-12 schools. The firm became the victim of UDP flood<\/a><\/strong> from Germany and the Netherlands. The firm tried to fly under the radar, Mark Yelcick, chief technology officer and partner at OnCourse said.<\/p>\n

This was the first DDoS attack at OnCourse, and we never thought that we would be a target … There\u2019s no money or assets to be gained by attacking an SaaS provider of K-12 educational systems. We felt that the firewall, intrusion protection and DDoS protection from our data center provider would be enough.<\/em><\/p>\n

\"DDoSIn order to turn back the tide of rouge packets, OnCourse brought in P<\/a>rolexic<\/a>. Prolexic\u00a0has solutions tailored for the education market. The company engaged its emergency services, routing traffic through Prolexic\u2019s 1.5 Tbps cloud-based DDoS mitigation platform<\/strong> and stopping the attacks. CTO Yelcick said, “We simply cannot afford downtime brought about by a DDoS attack.\u201d<\/em><\/p>\n

Because DDoS attacks can target any IP address, it’s impossible to completely prevent them, so for districts and the companies that offer data management services, the focus is on battling these attacks as they come.<\/p>\n

\"battling<\/a>“We have to be prepared and understand the environment that we are operating in so we’re prepared to address these issues as they come up<\/em>,” says Infinite Campus CEO Eric Creighton, the victim of the Kentucky DDoS attack.<\/p>\n

Attackers are after student PII<\/h3>\n

Part of predicting and combating cyber attacks is understanding why people order these attacks in the first place. When the target is a network that stores student grades and attendance information, the immediate thought is that a student is responsible. However, Mr. Creighton says that students rarely attempt attacks and, in his experience, have never succeeded.<\/p>\n

\"Report<\/a>“I don’t think these are attacks attempting to get data … There’s no jackpot of <\/em>valuable data –there’s no payload here.”<\/em> CEO Creighton may be spinning the results. rb-<\/strong> I wrote about schools collecting and losing PII here<\/a>.<\/em><\/p>\n

One reason that schools and districts are<\/strong> targeted is that their systems are designed for convenient<\/strong> access. Easy access for parents and teachers, makes for easier targets<\/strong>. Marcus Rogers, a professor, and chair of the cyber forensics program at Purdue University<\/a> told Education Week.<\/em><\/p>\n

For a lot of these attacks, the intended victim or goal is something bigger than the school. Obviously schools want to protect their data, but the bigger threat is when they use those networks now to go out and attack a power plant or a stock exchange or an air traffic control systems. That’s when the stakes go up.<\/em><\/p>\n

Caused by a BYOD device<\/h3>\n

Kentucky education officials believe that the attack on their systems was triggered by a beacon. They hypothesize that a beacon was unknowingly placed on a student’s mobile device, which he or she took with them to school. Viruses can cause a device to send out a beacon, instructing thousands of other devices to attack the network the device is connected to. In Kentucky, officials say that this won’t stop individual districts from implementing bring-your-own-device<\/strong> programs. However, schools can decrease the chances of an attack by making sure that these student devices are properly protected according to Education Week. <\/em>CIO Couch believes schools will start to protect themselves.<\/p>\n

I think what you’re going to see is districts making sure that before people plug into their network they have up-to-date, good virus protection … I think you’ll start to see that in K-12.”<\/em><\/p>\n

Purdue’s Rogers says that even when schools know best practices<\/strong> for avoiding and combating attacks, such measures are often cost-prohibitive<\/strong>. “A lot of times the schools know what to do, but at the end of the day if they’re trying to get library books, a firewall is not going to be their big concern.”<\/em><\/p>\n

Related articles<\/h6>\n