What the Baltimore County Public School District Learned from a Ransomware Attack
On November 24, 2020, Baltimore County Public Schools was hit with a devastating ransomware attack. Before the attack, district IT leaders thought they had pretty strong technology systems in place. However, the attack shut down classes for three days.
The attack had catastrophic effects, compromising every technology system in the district. According to Jim Corns, the executive director of IT for BCPS, the entire foundation of its IT infrastructure disappeared. The attack was estimated to have cost the district at least $7.7 million, according to The Baltimore Sun.
Corns compared the attack to a puzzle: Before the ransomware attack, all of the pieces were in place. After the attack, pieces were either gone or lost forever, leaving things in shambles. The system could not even be rebuilt to its previous state.
The district, which is comprised of more than 110,000 students and 25,000 staff, was unable to send emails to other government agencies. They were also unable to access school systems using single sign-on passwords.
With school districts becoming increasingly susceptible to cybersecurity attacks, officials from Baltimore County Public Schools shared five lessons they’ve learned from the attack that other districts should keep in mind when recovering and responding to their own security crises.
Have Leadership in Place
It’s important to have leadership in place when a cyberattack occurs, said David Stovenour, BCPS director of digital safety, education technology and library media departments of educational options.
BCPS had processes in place before the attack on how to share information with district leaders to quickly make decisions and maintain confidentiality during a cybersecurity crisis.
“Because of the close nature of that work, and because of the group that had gone through that process together, we found that we already had a high level of trust,” Stovenour said. “We had to make decisions both quickly and often without a lot of time for deliberation or discussion.”
Count on Collaboration
Cast a wide net with community partners and vendors when seeking solutions in the middle of a security crisis.
“Cyberattacks are still a new problem, especially for education, and as such there’s no manual yet on how to prepare and how to respond to such a situation,” Stovenour said.
Stovenour also said that it’s important to solve issues without judging staff or partners. In the case of BCPS, the attack was a criminal act and no one’s fault within the district.
When in a cybersecurity crisis, Stovenour suggests reaching out to the FBI, local government and trusted partners. Much of the district’s recovery work could be credited to its strong student data privacy contracts with vendors.
Document Standard Operating Procedures
Before the attack, BCPS wrote a guide on how to restore practices and how systems should function amid a cybersecurity crisis, said Jeanne Imbriale, BCPS’s director of enterprise applications.
Then when the district employed those technical standards for some systems, administrators could quickly restore those applications and bring students back online, Imbriale said. This helped students and teachers access the online tools they needed for learning.
Vetting Technology Assets
Because all of BCPS’ technology resources are centrally managed, the district is able to put systems through a strong vetting process that looks at applications’ ability to function from a technical, accessibility and privacy standpoint, Imbriale said.
The school district also relied on CoSN’s data privacy toolkit to manage vetting requirements. A centralized vetting process allowed administrators to feel comfortable relying on resources when recovering from ransomware attacks.
Before bringing applications online during the attack, the district re-vetted its tech systems as it was rebuilding a stronger environment. Since then, all technology assets go through an annual vetting process to ensure they meet the district’s standards.
Create a Software Portfolio
Since the ransomware attack, BCPS has formalized its technology portfolio to make sure the district has an exact account of the more than 400 varying applications and many users in its digital ecosystem, Imbriale said.
If the district needs to quickly recreate its digital environment in the future, the portfolio will provide the blueprint for doing so.
It’s also critical to keep a list of vendor contacts in this digital portfolio so that the district can alert and work with them in a timely manner.
Story via K-12 Dive