
Turning a Crisis into an Opportunity: How Schools Need to Respond to the Growing Cybersecurity Threats

Cybersecurity in Schools: The Reality and the Risk

Nearly every person, business, and institution has been affected by the pandemic. Some of the most disrupted of those institutions, our schools, have alternately been forced to close down and periodically open up while at the same time shifting the bulk of their resources to online learning. It’s far too early to calculate the costs of all these shifts in terms of lost learning time and social-emotional support which all children will experience. The needs for this time and learning are particularly acute for those with special education needs. Aside from these costs to children, one underestimated cost to school systems themselves is the price they will have to pay as they shift more of their operations online. The price will come in the form of risk from the massively increased vulnerability to cyberattacks. With the chaos of the last many months’ focus on getting to virtual learning and pushing towards everyone’s connectivity, security has taken on a backburner role. Unfortunately for the schools, security cannot remain a backburner issue.

There is a legal obligation on the school to protect children generally.

Schools understand all too well their responsibilities to prevent things like “Zoombombing”, the digital safeguarding of children, and protection of information (any school leader who is not aware of the ease of attack can feel free to reach us for a walkthrough of these issues). This increased demand on schools that are already struggling is not easy. We understand revenue sources are down for schools and districts also.


Cybersecurity in Schools: What are the solutions?

Before we jump to some of the possible ways schools can address the various risks involved, it’s worth highlighting just what the real-world examples are of these threats:

  • According to a recent Education Week report, Baltimore County, Maryland, which suffered a "catastrophic attack on our technology systems," was forced to close down all schools in the county for three days.
  • What can only be described as a terror attack (to a previously secure email system) occurred in Chicago recently, when parents were alarmed by a “series of unsavory, profanity-laced emails in their school inboxes during a 90-minute period” one morning. The message was designed to create the maximum amount of horror among children and their parents. According to a Chicago Sun-Times report, the initial statement read, "I do not know who I am. I do not know why I am here. All I know is that I must kill," and was followed by a series of expletives.
  • Yet another type of hack was designed to extort and occurred in Fairfax County, Virginia, earlier this year. The attackers asked for a ransom payment, threatening to “disclose personal information, including student disciplinary records and grades, according to WRC-TV in Washington.”
  • And finally, according to Education Week, in Toledo, Ohio, a ransomware attack had taken place in September, resulting in the release of student and staff data, school officials said in a letter to families.

While school districts have not been entirely open about these attacks, they have been steadily growing over the years. According to the K-12 Cybersecurity Research Center, there have been nearly a thousand such incidents since January of 2016, growing more disruptive each year as more systems are placed at risk by moving to online learning.

It’s worth repeating that schools are not like typical stores or banks, able to recover from sometimes substantial financial losses if they become the victims. These commercial institutions can afford the latest cybersecurity protections. They invest in these systems because if they fail to protect their customers, they can go out of business as a result.

As tax-funded institutions, schools have less flexible budgets and have only recently woken up to the realities of living within a more vulnerable environment.

They also have a weighty responsibility under FERPA -- the education counterpart to HIPAA -- regarding the need to take extra precautions to protect their students’ educational records. Yet, according to a 2020 survey of CoSN members, only 20 percent of school districts have a dedicated cybersecurity person.

Cybersecurity in Schools: The Response

There are a few options that school systems can take in response.

  • Hire cybersecurity personnel (difficult in a time of downward pressure on school budgets).
  • Improve basic security (as recommended by The Consortium for School Networking (CoSN), perhaps by having funds from its E-Rate program for school connectivity go towards strengthening cybersecurity protections).
  • Reduce exposure to online vulnerabilities by scaling back on-line learning (this is simply not a long-term fix, as far as we’re concerned).

These are all either kicking a can down the road or expending resources that are becoming more scarce. We don’t believe they are the best long-term use of funds for a school. There is, however, a fourth option -- train students as cybersecurity professionals and hire them. At first blush, this may not be the first thought that comes to mind. We’d ask, “why?” These days a far greater number of students are inherently more tech-savvy than are any of us pre-Gen-Z folks. They are naturally more apt to be quickly trainable. Also, why WOULDN’T one of the largest governmental employers (the K-12 school system) be interested in a self-serving approach to developing talent to apply towards some of their most critical current vulnerabilities? The idea of government-supported programs of this nature worked in the 1930s, when the Roosevelt administration helped skyrocket youth employment. In today’s reality of developing talent for employability, an approach such as this would align the school districts as a critical stakeholder in what the US Chamber of Commerce Foundation terms the Talent Supply Chain.

Cybersecurity in Schools: Kinetic Potential’s Support

Kinetic Potential has been ingrained in the K-12 system since its founding in 2008. One of our pillars is educating children with a focus on meaningful employment opportunities, which for many children can mean a lift out of their historical cycle of disadvantage, especially for those from disadvantaged backgrounds.

We deliver cyber services, but realize this is not the long-term way for an organization to solve its cyber needs.

Therefore we’re even more focused on developing cyber talent. As we noted above, with the ease and familiarity children have with technology now, we believe this should start from an early age, and one of the best ways to deliver this development is by meeting kids where they school. We have written about the use of after-school programs as a perfect opportunity to a) do something different than just regurgitate the school day’s information or babysit, and b) instill skills that are usable for their long-term career options.

“An estimated 4 million global cybersecurity jobs are unfilled.”

Domestically, the estimate is approximately 50,000K open positions. The shortage of talent is so large that even if every student in a cybersecurity education or training program entered the field each year, there still would be a gap.

KP's Talent Supply Chain

KP is active in plugging this leak in the talent supply chain by recruiting Veterans for its Kinetic Potential Cyber Camp (serving yet another of our desired audiences deserving opportunity assistance). The camps are led by faculty and veterans from the community. The foundation courses cover basic cybersecurity concepts, ethics, laws, risks, threats, and online safety. By the end of the boot camp, the student prepares for the CompTIA Security+ and CompTIA Network+ exams through lectures and hands-on instruction. These veterans will then be part of a National Cybersecurity Corps used to train high school students to be employable first as apprentice professionals in their school district. Then, post-graduation opportunities would be available for further training or employment elsewhere.

There is nothing like a crisis to wake people up to reality. Training and hiring its talent right from its captive audience should be the first step taken by schools, helping turn this crisis into an opportunity to move ahead. KP is ready to help with a gameplan that can be implemented quickly, including bringing in federal dollars that stand ready to be deployed for just this kind of youth development. The crisis schools now face is growing larger by the month, and schools need to take action now.
