Cyberattacks inflict deep harm at technology-rich schools


July 17, 2019 at 12:00a.m.

Associated Press

AVON, CONN.

Over six weeks, the vandals kept coming, knocking the school system’s network offline several times a day.

There was no breach of sensitive data files, but the attacks in which somebody deliberately overwhelmed the Avon Public Schools system in Connecticut still proved costly. Classroom lesson plans built around access to the internet had come to a halt.

“The first time I called the FBI, their first question was, ‘Well, what did it cost you?’” said Robert Vojtek, the district’s technology director. “It’s like, ‘Well, we were down for three quarters of a day, we have 4,000 students, we have almost 500 adults, and teaching and learning stopped for an entire day.’ So how do you put a price tag on that?”

The kind of attacks more commonly reserved for banks and other institutions holding sensitive data are increasingly targeting school systems around the country. The widespread adoption of education technology, which generates data that officials say can make schools more of a target for hackers, also worsens an attack’s effects when instructional tools are rendered useless by internet outages.

Schools are attractive targets because they hold sensitive data and provide critical public services, according to the FBI, which said perpetrators include criminals motivated by profit, juvenile pranksters and possibly foreign governments.

Attacks often have forced districts to pull the plug on smart boards, student laptops and other internet-powered tools.

Schools in the Florida Keys took themselves off-line for several days last September after a district employee discovered a malware attack.

Schools with few or no employees dedicated to information security often are surprised to find themselves as targets.

The 2,000-student Coventry School District in Ohio had to close schools in May as staff worked to fight a virus that had infected the network. The FBI helped to guide the district through the recovery and offered assistance on best practices.

The school system did not have cybersecurity insurance, said Kelly Kendrick, the district’s technology director, and her three-person department is still working to debug devices affected by the attack.

In September, the FBI issued a public service announcement warning the growth of education technologies and widespread collection of student identification data along with other information including academic progress and classroom activities “could have privacy and safety implications if compromised or exploited.”