WASHINGTON — Some K-12 public schools are striving to improve protection against the threat of online attacks, but lax cybersecurity means thousands more are vulnerable to ransomware gangs that can steal confidential data and disrupt business operations.
Since an August White House conference on ransomware threats, dozens of school districts have signed up for free cybersecurity services, and federal officials have organized exercises with schools to help them learn how to better secure their networks, said Anne Neuberger, the administration’s deputy -Biden. national security advisor for cyber and emerging technology.
Neuberger said more districts should take advantage of available programs that can better protect against online attackers who are increasingly targeting schools. Their goal is to shut down computer systems and in some cases steal and publish sensitive personal information if a ransom is not paid.
“Compromises happen again and again, often in the same ways, and there are defenses to protect against them. And this is where the government has really brought companies together, brought agencies together to deploy some of those,” Neuberger said in an interview. “Don’t give up. Contact us and register. And your children will be a lot safer online.”
The government announced steps last summer to help cash-strapped schools that have been slow to build cybersecurity defenses. Ransomware attackers, many of whom are based in Russia, have not only forced schools to temporarily close but have also exposed a trove of students’ private information.
Last month, parents sued the Clark County School District in Nevada, alleging that a ransomware attack led to the release of highly sensitive information about teachers, students and their families in the nation’s fifth-largest school district. In another high-profile case this year, hackers broke into the Minneapolis Public Schools system and dumped sexual assault records and other sensitive files online after the district refused to pay a $1 million ransom.
More than 9,000 small public school districts in the United States with up to 2,500 students — that’s about 70 percent of the nation’s public districts — are now eligible for free cybersecurity services from web security company Cloudflare through a new program called Project Cybersafe Schools, Neuberger said. Since August, about 140 counties in 32 states have signed up for the program, which provides free email security and other protection against online threats, she said.
James Hatz, technology coordinator for Rush City Public Schools in Minnesota, said the program arrived just in time for their district, quickly preventing 100 suspicious emails from reaching staff. Hatz said cybercriminals often try to get teachers to click on malicious links by posing as an administrator who shares documents about things like pay raises.
“We’re not going to be bulletproof, but the more we can do to make it harder, the better the user training, this program and everything else,” Hatz said.
Neuberger also said that a $20 million grant program from Amazon Web Services, designed to help schools improve their cybersecurity, has received about 130 applications.
The Federal Communications Commission has also proposed a pilot program that would provide $200 million over three years to strengthen cyber defenses in schools and libraries. Neuberger said the hope is that money will be available for schools in the “near future.”
But Doug Levin, director of the K12 Security Information eXchange, a Virginia-based nonprofit that helps schools defend against cybersecurity risks, said he fears attacks on schools will continue to increase, both in frequency and severity, without further ado. federal support and school requirements. have basic cybersecurity controls in place.
“Most have underfunded their IT functions. They do not employ cybersecurity experts. And they are increasingly seen as a soft target by cybercriminals,” said Levin. “So ultimately I think the federal government is going to have to do more.”