The recent cyberattack on Highline Public Schools, a district south of Seattle, highlights the increasing frequency and severity of cyberattacks against K-12 schools across the United States. According to Doug Levin, co-founder of the K12 Security Information eXchange (K12 SIX), there have been at least 325 ransomware attacks on U.S. school districts since April 2016. Schools are attractive targets for cyberattacks due to their reliance on technology and lack of resources, expertise, and mandate for strong cybersecurity protections. When schools are compromised, they are often forced to cancel classes, impacting students and families.
The attackers behind these cyberattacks are primarily based in foreign countries and seek to extort payments from schools in exchange for releasing control of their computer systems or preventing the publication or sale of sensitive information. This information, which includes personal details of staff and students, can be used for identity theft. Compromised credentials, phishing emails, and outdated online systems are common entry points for cyberattacks on schools. The shift to hybrid and remote instruction models during the pandemic has further increased the vulnerability of the education sector to cyberattacks.
The cyberattack on Highline Public Schools forced the district to cancel classes and isolate critical systems. The disruption extended beyond classroom instruction, affecting vital operations such as bus transportation, attendance tracking, and emergency communications. The district’s website remained intact, and there was no evidence of compromised staff, family, or student information. Highline officials assured that impacted individuals would be notified if the situation changed. School safety is a top priority, and investigations were ongoing with the support of third-party and state and federal partners.
To address the ongoing threat of cyberattacks, experts emphasize the need for increased cybersecurity measures and resources for K-12 schools. The lack of legal security requirements and limited funding make it challenging for schools to enhance their safeguards against cyber threats. The Federal Communications Commission recently announced a $200 million Schools and Libraries Cybersecurity Pilot Program to help institutions better protect themselves. The U.S. Department of Homeland Security’s report, K-12 Digital Infrastructure Brief: Defensible and Resilient, provides guidance on online security and privacy in schools.
Individuals connected to school systems are advised to take proactive steps, such as placing a freeze on their credit check to prevent identity theft. The responsibility for cybersecurity extends to technology companies, individuals, and schools themselves. With cyberattacks becoming increasingly common and disruptive, it is crucial for all stakeholders to be vigilant and proactive in addressing cybersecurity threats. The recent cyberattack on Highline Public Schools is just one example of the growing cybersecurity challenges faced by educational institutions and underscores the urgent need for enhanced cybersecurity measures across the education sector.