K-12 schools are improving protection against online attacks, but many are vulnerable to ransomware gangs

WASHINGTON (AP) — Some K-12 public schools are racing to improve protection against the threat of online attacks, but lax cybersecurity means thousands more schools are vulnerable to ransomware gangs that can… Theft of confidential data and disable operations.

Since a White House conference After the ransomware threats, dozens of school districts signed up for free cybersecurity services, and federal officials hosted trainings with schools to help them learn how to better secure their networks, said Anne Neuberger, the Biden administration’s deputy national security adviser for cybersecurity. . and emerging technologies.

More districts need to take advantage of available software that will better protect against cyber attackers who are increasingly targeting schools, Neuberger said. Their goal is to shut down computer systems and, in some cases, steal and publish sensitive personal information if a ransom is not paid.

“Settlements happen over and over again, often in the same way, and there are defenses to protect against them. Here the government has actually brought companies together, brought agencies together to deploy some of those companies,” Neuberger said in an interview. “Don’t give up. Contact us and register. And your children will be safer online.”

The administration announced steps over the summer to help cash-strapped schools, which have been slow to build cybersecurity defenses. Ransomware attackers, many of them based in Russia, not only forced schools to temporarily close, but also exposed a wealth of private information to students.

Last month, parents filed a lawsuit against the Clark County School District in Nevada, alleging that a ransomware attack led to the release of highly sensitive information about teachers, students and their families in the nation’s fifth-largest school district. In another high-profile case this year, hackers broke into the Minneapolis public school system and dumped sexual assault case records and other sensitive files online after the district refused to pay a $1 million ransom.

More than 9,000 small public school districts across the United States with up to 2,500 students — nearly 70 percent of the nation’s public districts — are now eligible for free cybersecurity services from web security company Cloudflare through a new program called Project Cybersafe Schools, Neuberger said. Since August, about 140 districts in 32 states have signed up for the program, which provides free email security and other protection from online threats, she said.

James Hutz, technology coordinator for Rush City Public Schools in Minnesota, said the program arrived at the right time for their district, quickly stopping 100 suspicious emails from reaching employees. Cybercriminals often try to get teachers to click on malicious links by pretending to be an administrator sharing documents about things like pay raises, Hutz said.

“We’re not going to be bulletproof, but the more we do to make it harder, the better between user training, this software and everything else,” Hutz said.

Newberger also said that a $20 million grant program from Amazon Web Services designed to help schools improve their cybersecurity has received about 130 applications.

The FCC also proposed a pilot program that would provide up to $200 million over three years to strengthen cyber defense in schools and libraries. The hope is that the money will be available to schools in the “near future,” Neuberger said.

But Doug Levine, director of K12 Security Information eXchange, a Virginia-based nonprofit that helps schools defend against cybersecurity risks, said he fears attacks against schools will continue to grow in frequency and severity without more federal support and requirements imposed by schools. They have basic cybersecurity controls.

“Most of them are underfunded for their IT jobs. They don’t have cybersecurity experts on staff. They’re increasingly viewed as an easy target by cybercriminals,” Levin said. “So, I think ultimately the federal government will need To make more effort.”