CYBERSEC


Transportation’s Million Dollar Question


Student Written by Amanda Pampuro A


fter months of preparation, Hartford Public Schools in Connecticut was ready to reopen for in-person learning last September amid the COVID-19 pandemic. Then a ransomware


attack took out the bus routing software. With more than two-thirds of school servers affected,


Metro-Hartford Information Services, a shared IT depart- ment between the city and the school district, worked quickly to save many critical services. But with the school bus routing software still affected, Superintendent Leslie Torres-Rodriguez made the call to delay reopening. “Based on an initial analysis by the Connecticut Na-


tional Guard and the FBI, the attack was likely conducted by a highly sophisticated actor, so in one sense we were fortunate that we avoided the worst case scenario,” Tor- res-Rodriguez told the Senate Committee on Homeland Security and Government Affairs last December. Thanks in part to $500,000 in IT improvements made


the year prior, the school district serving 18,000 students managed to bring routing software back online within 24


44 School Transportation News • SEPTEMBER 2021


hours and without paying a dime to the cybercriminals. A spokesperson for Hartford Public Schools told School Transportation News that following the attack, the district moved its transportation software to a web- based platform with cloud storage to safeguard it from future incidents. From ransomware to email phishing schemes, cyberat- tacks are increasingly targeting school districts. A report published by the nonprofit K12 SIX in March tracked 408 cyber incidents reported against schools last year alone. Data breaches made up more than one-third of attacks,


while about 12 percent were identified as ransomware, a powerful type of malware designed to extort money from victims. Nearly half of the attacks were classified as other, which includes online class invasions—uninvited individ- uals crashing an online meeting, dubbed Zoom bombings. “All that cybercriminals need to know is that you’re


an organization that has a lot of money or has a lot of sensitive data that they can monetize, that maybe cy- bersecurity has not been a priority, and that if they take


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84  |  Page 85  |  Page 86