we get them all the time, we get them every week, so I expect it’s the same volume that our clients are getting,” Civitella said. “Take a deep breath if you see something weird in the email. The odds are it’s not right. And if you question it, call the sender. ‘Did you just send this to me?’ Because these are things you take for granted.” After training employees to vigilantly protect pass-

words and watch for suspicious emails, it is vital to back up important data. “Upfront your biggest defense against ransomware is training your employees on things like phishing,” said Lisa Plaggemier, chief strategist with the National Cyber Security Alliance, a nonprofit organization that promotes cybersecurity, privacy education and awareness. “After that, your second biggest defense is backing up your data. If you got the backups, then you can walk away and leave the bad guys empty handed.” Plaggemier stressed the importance of running table-

top cybersecurity exercises like any other security drill. “Having a crisis communications plan is extremely

important when it comes to ransomware. One of the biggest pieces of advice I like to give people is don’t wait for it to happen before you decide how you’re going to react,” Plaggemier said. “The time to have a conversation about ransomware is before it happens.” The National Cyber Security Alliance strongly advo-

cates against paying ransomware demands as doing so only creates an incentive for further attacks. “Any penny we pay to the cyber criminals is a penny

too much,” Plaggemier said. Based on a survey of 1,263 organizations, cyberse-

curity firm Cybereason estimated only 20 percent of organizations pay ransomware attacks. Of those that paid ransomware demands, the report released this year found 80 percent experienced repeat attacks. Another concern is whether cyberattacks can disrupt

real-time operations, attempting to reroute buses or tap into live camera feeds. Many consider these scenarios unlikely when run-of-the-mill phishing is lower risk, less work and highly effective. “I don’t think any of these people are wanting to harm

anybody. They’re in this game to make money,” ex- plained GP Singh, founder and CEO of school bus data analyst company ByteCurve. “As far as the company’s ability to be able to have a hacking of all the data where school bus operations will not be able to run, I see that as a very low possibility. Usually, the data people will get is student specific personal information—their names,

48 School Transportation News • SEPTEMBER 2021

Leslie Torres-Rodriguez testified before the Senate Committee on Homeland Security and Government Affairs last year about the increasing cybersecurity threat to school districts. The superintendent of Hartford Public Schools in Connecticut relayed how hackers hijacked the district’s school bus routing software.

their addresses, their date of birth, and social security numbers—and they will try to have a ransom negotia- tion with the school district to pay them for it.” One overlooked vulnerability, Singh noted, is outdated

computers. Microsoft, for example, is no longer pro- viding security patches for Windows 7, making those machines easy targets. The FBI also called out the security vulnerabilities of

Remote Desktop Protocol, or RDP, created by Microsoft to enable one user to connect with another via graphic interface and over a network connection. In case of an attack, Singh said a transportation

department must be ready to protect essential files and assess the damage, then communicate information about the attack to management and the district as well as parents and students. Finally, transportation districts need to enact a contingency plan. “If the routing system has been hacked and it’s not

available anymore, how are you going to route the buses? How are you going to get the buses on the road? Okay, if the payroll system is down, how are you go- ing to pay people?” Singh posed. “This is something transportation departments will need to build in close

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84  |  Page 85  |  Page 86