School cybersecurity expert weighs in: What’s happening in Minneapolis?

Music software
Cyber attacks are becoming increasingly common, and have the potential to actually halt school programming and shut down systems at schools like Hmong International Academy in Minneapolis.
Jeffrey Thompson | MPR News 2014

Minneapolis Public School students and staff returned to classrooms on Monday this week, but disruptions caused by an “encryption virus” —  including losing access to district accounts, devices and shutting down after-school activities —  continued throughout much of the week. 

“I think the district is trying very hard not to flat-out say that they’ve experienced a ransomware incident… But this has all the hallmarks of those sorts of incidents and that’s what I would consider it to be,” said Doug Levin, national director of the K12 Security Information Exchange and an expert on school cybersecurity.

Cybersecurity is becoming an increasingly prominent concern for public school districts.

In September of last year, the country’s second-largest district was targeted. According to Levin, there have been approximately 200 similar incidents targeting both big and small districts throughout the country in the last three years — and the ransom demanded has grown from $5-$10 thousand to closer to $1 million or more. 

Create a More Connected Minnesota

MPR News is your trusted resource for the news you need. With your support, MPR News brings accessible, courageous journalism and authentic conversation to everyone - free of paywalls and barriers. Your gift makes a difference.

“(This is) affecting school districts from coast to coast — from some of the largest school districts in the nation to much smaller and more rural school districts,” Levin said. “I do think that these incidents are happening more frequently than people realize.” 

The Minneapolis district has moved from saying on Monday this week that it’s found “no evidence” that personal information was compromised, to emailing families that “an unauthorized threat actor may have been able to access certain data located within the MPS environment.”  

Here’s what Levin thinks you need to know about what’s happening in Minneapolis: What is a ransomware attack? 

A ransomware attack is carried out almost exclusively by criminal gangs operating overseas, largely in Russia, according to Levin. 

The groups gain access to a computer system and make it unusable and then demand a payment from their victims.

Why is the Minneapolis school district not calling this a ransomware attack or being more forthright? 

The Minneapolis school district has denied MPR News requests for interviews on the ongoing incident. According to Levin, there may be several different issues at stake.

First, most states do not have reporting requirements when it comes to what school districts are obligated to do when they experience a cyber attack. Most states also lack any sort of cybersecurity standard that school districts are required to adhere to.

Levin also posits the Minneapolis district may be getting advice from insurance providers or lawyers who are telling them they can limit their liability if they avoid using certain words in public communications. 

What should families, students and employees do to protect themselves? 

Levin suggests people connected to the district change their passwords — especially if they’re reusing them on multiple accounts — enable two-factor authentication, and keep a closer eye on email, social media and financial accounts.

Parents should freeze their minors’ credit accounts to prevent identity theft (The Minneapolis district is directing people to report major fraud or freeze credit through credit reporting bureaus such as Equifax, Experian and TransUnion) . 

“Presume that data has been breached by criminal actors,” Levin said. “Take steps to protect your identity.” 

What should the Minneapolis Public School district do going forward? 

Levin said it’s possible the district will continue to experience cyber attacks. 

“Unfortunately, a school system that themselves are victims of cybersecurity attacks like this one are actually fairly likely to experience repeat attacks going forward,” Levin said. 

He also suggests families and staff ask their board and district leaders to make sure there is a dedicated budget for cyber security, and a plan in place to address cyber attacks when they occur. 

“What I would suggest for parents... make sure that the school board and superintendent are ensuring that the school system takes cybersecurity risks just as seriously as they take risks of physical violence on the school campus,” Levin said. 

Do other Minnesota districts need to be concerned? 

Cyber attacks are becoming increasingly common, and have the potential to actually halt school programming and shut down systems. 

“At this point, given the data that we've seen, it's really only a matter of time before you know any particular school system is a victim,” Levin said. “We've seen attacks in, you know, some of the largest school districts from, you know, state to state to state, as well, as many small ones.”

Levin points school leaders to a recent federal report on cyber security threats to schools, but also says districts may need help from state and federal sources. 

“This is a growing national crisis,” Levin said. “While there are certainly things that we should and can expect superintendents and school boards to do, ultimately we’re going to need more help from the state and federal government.”