澳门跑狗论坛

Privacy & Security

Why the Los Angeles Cyberattack Is a Wake-Up Call for Every School District

By Alyson Klein 鈥 September 06, 2022 5 min read
Hacker attack and data breach, information leak and cybersecurity concept.
  • Save to favorites
  • Print
Email Copy URL

The nation鈥檚 second-largest school district was hit over Labor Day weekend by a massive cyberattack that shut off access to email, crippled the district鈥檚 website, and hobbled systems teachers use to share lessons and take attendance.

Officials in the Los Angeles Unified school district did not detail the origins of the attack, except to say that they believe the attack was 鈥渃riminal in nature.鈥

If that proves to be the case, Los Angeles Unified may be the most high-profile district yet to join the ballooning ranks of school systems targeted by cybercriminals, many of whom work in countries that are out of reach for U.S. law enforcement, such as Russia and China.

These groups often steal student or staff data, or lock down systems, demanding ransom payments in the millions of dollars in exchange for releasing the data back to the school systems. (LAUSD has not released information suggesting that鈥檚 what happened in this incident.)

If LAUSD can fall victim to one of these attacks, any district can, said Doug Levin, the national director of the K12 Security Information Exchange (K12 SIX) and one of the top experts in the country about cybersecurity for K-12 schools.

鈥淎nyone can be a victim,鈥 Levin said. 鈥淓ven school districts as large as LAUSD are challenged to be able to defend themselves against these risks.鈥

K-12 systems鈥攚hich now use technology across the board for teaching and learning and the management of schools鈥攏eed support from states and the federal government to better protect themselves, particularly as cybercriminals become increasingly sophisticated, he added.

It鈥檚 鈥榗yberattack season鈥 for schools

The beginning of the school year is a particularly vulnerable time for districts, Levin added, noting that some of the most prominent hacks on big school districts鈥攕uch as and 鈥攈it right as the school year started.

That may be because the early weeks of school are 鈥渁mong the most challenging times of the year for school IT leaders,鈥 he said. 鈥淥ne could imagine that that they were just overwhelmed, and so they could miss something that would otherwise throw up a red flag.鈥

LAUSD鈥攚hich started its academic year in mid-August鈥攄id not cancel classes on Sept. 6, the first school day after the attack was discovered. It assured the community that key functions, including health care, payroll, and safety and emergency systems were unaffected by the hack, at least according to the district鈥檚 preliminary review.

Other systems, like the one used to take attendance, would need to be modified, at least temporarily.

It may be a good indicator of LAUSD鈥檚 level of preparedness that the district didn鈥檛 experience a complete shutdown, Levin said. 鈥淭hat suggests that they had been taking some steps to protect themselves and mitigate an attack like this,鈥 he speculated.

鈥淲e are working collaboratively with our partners to address any and all impacted services,鈥 the district wrote in a explaining the attack. 鈥淟os Angeles Unified is committed to delivering high-quality instructional programming, and we are benefiting from an immediate and comprehensive response from the federal government.鈥

After learning about the cyberattack, the White House brought together the U.S. Department of Education, the Federal Bureau of Investigation, and the Department of Homeland Security鈥檚 cybersecurity and infrastructure security agency 鈥渢o provide rapid, incident response鈥 for the district, alongside local law enforcement, the LAUSD statement said.

It鈥檚 curious that the White House would become involved so quickly in a single district cyberattack, Levin said, given that if the hub of the executive branch responded to every criminal hack, it likely wouldn鈥檛 do much else.

But that aggressive response could be due to more recent concerns that the federal government is not doing enough to protect schools. The Department of Education was called out last year by the Government Accountability Office for its lack of action on K-12 cybersecurity.

Cybersecurity is everyone鈥檚 problem

There are many other unanswered questions at this point, Levin said. How did the hackers get in? Did they access student or staff data? Are they demanding a ransom? What will the overall cost of restoring district systems be and how long will it take?

Cyberattacks of this magnitude can be costly, even if the district doesn鈥檛 end up paying an exorbitant ransom. For instance, the roughly 111,000-student Baltimore County school district in Maryland spent . That district has less than a quarter of the enrollment of LAUSD鈥檚 520,000 K-12 students.

When it comes to the question of whether personal data was compromised, Levin suggested LAUSD might be well-advised to counsel parents, staff, and students that they should simply assume that their data was impacted, even if there鈥檚 no immediate evidence of that. That way, potential victims can begin monitoring their credit card accounts, start updating passwords, and take other steps to protect themselves.

Education technology leaders have long been wary of the debilitating impact of cyberattacks, with members of the Consortium for School Networking naming it as their number one concern five years in a row, according to an annual survey.

But district leaders often see it as the tech department鈥檚 purview, and not their own.

The incident in Los Angeles 鈥渟hould serve as a wake-up call to superintendents, school board members, and education policy leaders that schools now rely on technology to an extent that cybersecurity must be a priority not just for the IT department but for superintendents and school board members,鈥 Levin said.

Some places to start, according to the experts?

  • Do a risk assessment to figure out where your vulnerabilities are;
  • Have a well-crafted cybersecurity plan that the district practices regularly, just as with fire or active shooter drills;
  • Train employees on common tactics hackers use;
  • Back-up data;
  • and put in place multi-factor authentication systems, which call for employees and students to confirm their identities using a cellphone, separate email, or other source.
Related Tags:

A version of this article appeared in the September 21, 2022 edition of 澳门跑狗论坛 as Why the Los Angeles Cyberattack Is a Wake-Up Call for Every School District

Events

Artificial Intelligence K-12 Essentials Forum Big AI Questions for Schools. How They Should Respond鈥
Join this free virtual event to unpack some of the big questions around the use of AI in K-12 education.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
School & District Management Webinar
Harnessing AI to Address Chronic Absenteeism in Schools
Learn how AI can help your district improve student attendance and boost academic outcomes.
Content provided by 
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
Science Webinar
Spark Minds, Reignite Students & Teachers: STEM鈥檚 Role in Supporting Presence and Engagement
Is your district struggling with chronic absenteeism? Discover how STEM can reignite students' and teachers' passion for learning.
Content provided by 

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide 鈥 elementary, middle, high school and more.
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.

Read Next

Privacy & Security What Teachers Need to Know About Changes to Instagram Teen Accounts
The adjustments come as Meta faces multiple lawsuits from states and school districts.
4 min read
Close up photo of Black teen looking at Instagram photos on her cellphone.
Anastasia_Prish/Getty
Privacy & Security Download A Tip Sheet to Help Teachers Prevent and Respond to Doxxing
Teachers can be a target for malicious actors. Use this tip sheet to prevent and respond to doxxing.
1 min read
Image of digital safety against doxxing and privacy invasion.
Laura Baker/澳门跑狗论坛 via Canva
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
Privacy & Security Quiz
Quiz Yourself: How Much Do You Know About Cybersecurity For Schools And Districts?
Answer 6 questions about actionable cybersecurity solutions.
Content provided by 
Privacy & Security What Schools Need to Know About These Federal Data-Privacy Bills
Congress is considering at least three data-privacy bills that could have big implications for schools.
5 min read
Photo illustration of a key on a digital background of zeros and ones.
E+