CYBERSEC
Transportation’s Million Dollar Question
Student Written by Amanda Pampuro A
fter months of preparation, Hartford Public Schools in Connecticut was ready to reopen for in-person learning last September amid the COVID-19 pandemic. Then a ransomware
attack took out the bus routing software. With more than two-thirds of school servers affected,
Metro-Hartford Information Services, a shared IT depart- ment between the city and the school district, worked quickly to save many critical services. But with the school bus routing software still affected, Superintendent Leslie Torres-Rodriguez made the call to delay reopening. “Based on an initial analysis by the Connecticut Na-
tional Guard and the FBI, the attack was likely conducted by a highly sophisticated actor, so in one sense we were fortunate that we avoided the worst case scenario,” Tor- res-Rodriguez told the Senate Committee on Homeland Security and Government Affairs last December. Thanks in part to $500,000 in IT improvements made
the year prior, the school district serving 18,000 students managed to bring routing software back online within 24
44 School Transportation News • SEPTEMBER 2021
hours and without paying a dime to the cybercriminals. A spokesperson for Hartford Public Schools told School Transportation News that following the attack, the district moved its transportation software to a web- based platform with cloud storage to safeguard it from future incidents. From ransomware to email phishing schemes, cyberat- tacks are increasingly targeting school districts. A report published by the nonprofit K12 SIX in March tracked 408 cyber incidents reported against schools last year alone. Data breaches made up more than one-third of attacks,
while about 12 percent were identified as ransomware, a powerful type of malware designed to extort money from victims. Nearly half of the attacks were classified as other, which includes online class invasions—uninvited individ- uals crashing an online meeting, dubbed Zoom bombings. “All that cybercriminals need to know is that you’re
an organization that has a lot of money or has a lot of sensitive data that they can monetize, that maybe cy- bersecurity has not been a priority, and that if they take
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68 |
Page 69 |
Page 70 |
Page 71 |
Page 72 |
Page 73 |
Page 74 |
Page 75 |
Page 76 |
Page 77 |
Page 78 |
Page 79 |
Page 80 |
Page 81 |
Page 82 |
Page 83 |
Page 84 |
Page 85 |
Page 86