It’s Fall again and school is open (for most) in various modes of operation after several months of disruption due to COVID-19. Whether school districts offer in-person, virtual, or hybrid schooling models, many of them face challenges and are scrambling to meet and secure new technology demands. Some districts are more embattled than others, relying on limited resources, staff, and expertise to meet the increased demands brought on by the current health crisis. My wife, a vice principal, has bemoaned the fact that most districts including the one in which she serves, enter this season of instruction with unprepared and she is not alone in her thinking. Many districts still lack preparedness despite pandemic preparations in anticipation of managing multiple modes of learning.
Where’s My Laptop?
One example of concern is the shortage of assets. In her district, Chromebook supply shortages forced administrators to reluctantly allow students who did not receive a provisioned asset to bring their own devices (anyone thinking BYOD like me) to connect to open wireless networks. These unmanaged assets are certain to result in a myriad of risk and security issues to students, their families, and their home networks. With many parents still working remotely, it is not beyond reason that malicious actors will use virtual schooling as a vector to go after their valued targets.
Lack of School Resources = Cybersecurity Risk
While managed distant learning infrastructures are preferred and a recommended guideline in my home state, many districts are struggling to meet stated security standards. Furthermore, we have yet to discuss disparity in resources and funding between districts. My wife’s district is sufficiently funded to succeed in this shift to the various models that this pandemic demands. Others not so much. For example, even when students are fortunate enough to receive devices for mobile learning but lack broadband access or suitable connectivity to be successful are often relegated to hotspots and other less than reliable connectivity opening themselves up to risk and safety issues.
Security, Safety, & Virtual Schooling
Jake Kouns and I discuss these issues on Risk Based Security’s vlog, The Right Security, in an episode entitled, “Vulnerabilities in Virtual Schooling”. Our predictions about school re-openings across America have already proven to be spot on. Porn, guns, and racisms greeted students on virtual school platforms in the first few weeks of school in some districts. Elsewhere virtual schooling systems are under siege due to ransomware, shuttering a few distance learning platforms during the first week of school while others have been fortunate enough to remain available to students in the face of this increased activity. Our short vlog touches on these issues and more including staffing, security recommendations, parent engagement, and safety. The safety of our children should be top of mind even as we focus on securing their distant learning. We should equally focus on their safety and protecting them from social predators lurking in virtual schooling networks.
Lares Lends a Helping Hand
Clearly resources for cybersecurity within our K-12 schools are needed more than ever before. Like Jake and his team at Risk Based Security (RBS), we are deeply concerned about the challenges facing those tasked with delivering and securing virtual schooling. The RBS team has cobbled together helpful resources to help educators and administrators in the midst of reopening classes (be sure to read Jake’s passionate tome on virtual schooling vulnerabilities, “Saved By the Bell?”). Lares has been actively engaged in assessing the preparedness of school districts ahead of the school year and assisting under-resourced staff. We help districts prepare their networks and infrastructure for attacks with our adversarial services. Lares understands the need to secure virtual classrooms. Our staff is eager to share its knowledge and capabilities with as many school communities as possible. Distance learning regardless of the model should be safe and secure for all learners. Contact us to learn more about how we are assisting school districts through the current healthcare and cybersecurity crises confronting them.
Mark Arnold has a 15+ cybersecurity career, serving 8 of those years in leadership roles. As a transformational leader, Mark has built security teams and programs, authored maturity model blueprints to optimize risk management processes, and implemented security domain practices at large enterprises and service providers. Mark’s areas of interest include cloud security, threat intelligence, and vulnerability research, nation-state attack methods and related activities (e.g. information operations and disinformation campaigns) and their collective impact on nations and society. Mark recently completed an executive education cohort on the intersection of cybersecurity and technology at Harvard’s Kennedy School.