SPECIAL REPORT
Berndt said that it’s important to stay on top of trends in AI, data security and analysis, commenting that “Artificial intelligence isn’t going to take away your job. People who know how to use artificial intelligence are going to take your job.” Protecting sensitive student data was the topic of a panel discussion moderated by Rick Hays, deputy chief information officer at the Nevada Department of Transportation. Hays holds a doctorate in cybersecurity, served in the U.S. Air Force, and worked for the Cyberse- curity and Infrastructure Agency, an arm of Homeland Security. He has extensively worked on military and gov- ernment levels to further cybersecurity safety practices. Panelist Jennifer Vobis, who has since retired as
executive director of transportation for Clark County School District in Nevada, spoke about a 2020 security breach that affected 40,000 district employees. It wasn’t until three years later that the district discov- ered information had been sold on the dark web. Vobis said that while her department assumed IT had the data security covered, it’s important to fully understand how those imperfect safeguards affect transportation operations. Hays noted that many ransom-
ware attacks begin with an email, an easy-to-overlook threat. His advice was to take a moment to analyze the message and sender, and “think before you click.” “Balance the drive to get tasks
“What makes it vulnerable is when it’s between stages,” she said. “When it’s not being managed by a system.” Nguyen-Bull used the example of a parent portal app,
which she referred to as “a perfectly safe product if you use it right.” Ensuring that only the relevant parties can view data or a particular school bus location, or that a tablet onboard the bus is locked is the responsibility of the owners of the data. “Know what your responsibilities are regarding the data you handle, you need to know the policies,” said Hays. The human element of safely managing and effective-
How important is protecting student data in your transportation department?
ly protecting data is a team effort, said Vobis, but it may be a teaching moment if all the staff is not up to date on technological education and cybersecurity training. Even though some of these practices may be considered com- mon sense, the panel stressed the importance of covering all your bases and making sure each member of the team understands the implications of data breaches. When things go wrong, and
81% Extremely important 18% Very important
1% Somewhat important
(Out of 78 responses to a recent STN magazine survey.)
done with making sure we know what it is we’re doing,” added panelist Lam Nguyen-Bull, a consultant at Edulog and an attorney, explaining that it’s everyday behavior that creates the most risk. She continued that understanding and managing data
flow and security starts with understanding that “data is just information,” whether physical or digital. Just as Berndt noted, Hays also emphasized the importance of knowing exactly where data is at all times. When it’s being used, when it’s being stored and when it’s in transit. Encryption must be present at all these levels, he explained. Nguyen-Bull continued that data in storage is the eas-
iest stage to protect it. When data is in transit across the web, it is generally protected by a Secure Sockets Layer (SSL) or Hypertext Transfer Protocol Secure (HTTPS). When it’s being used it is protected by a firewall in a closed environment.
22 School Transportation News • NOVEMBER 2024
Nguyen-Bull noted that they will, it’s crucial to have an action plan in place to not only get the issue under control but to understand what happened and how it can be prevented in the future. During a security audit situa-
tion, like one a “white hat” firm performed on Edulog last year, “We don’t usually like to answer questions, but understand we’re not being attacked. [Auditors] are just trying to understand,” she explained. “Be collaborative, learn from other people’s experiences. Despite best efforts to lock things
down, there is always a high risk.” “We always think it’ll never happen to us,” said Vobis. Even after the situation at Clark County was resolved, she said there was an impact on how information was shared. Vobis cited an example of improper informa- tion sharing via Google Suites, where security privacy settings weren’t on. Nguyen-Bull referenced receiving an email with an attached unencrypted spreadsheet containing detailed data on student riders. “Practice doesn’t make perfect, but practice does make
it better,” said Nguyen-Bull, recommending that districts run tabletop exercises to prepare for when the “unthink- able does happen.” All the panelists advised that student transporters take time to find out their organization’s cyber policies and security protocols.
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68 |
Page 69 |
Page 70 |
Page 71 |
Page 72 |
Page 73 |
Page 74 |
Page 75 |
Page 76
