The board voted in favor of purchasing updated digital network security programming from CDW-G of Chicago, Illinois, for $138,005. This expenditure comes from the district's annual software budget and upgrades the network security system already in place.
Board members and district administrators held an executive session to discuss network security matters before the meeting. The board approved the purchase near the end of the meeting as a final action on the executive session, and board members did not discuss the topic.
Assistant superintendent Eric Reid said the district's digital security strategies are not being made public for concern of retaliation from hackers and "bad actors." He said cybersecurity is a worthwhile investment, and that the district did not have anything happen to initiate the network updates.
"It's kind of like a Coach Snyder mentality," Reid said. "We are where we are, and we're really good, so let's keep getting better."
The topic came before the board a week after Pottawatomie County officials announced they had paid a ransom to hackers who attacked the county government's computer systems and took them offline for about two weeks. Pottawatomie County officials paid $71,250 to the hackers and $356.25 in exchange fees to facilitate the cyber currency payment; the hackers had asked for $1 million in ransom, according to county officials.
A report released Tuesday from the state Legislative Post Audit agency indicates many school districts in Kansas are not taking basic steps to protect their networks and the privacy of sensitive information collected about students and employees. The district put network security on the agenda before the results of the audit were announced.
The report based its conclusions on a survey sent to all 286 districts in Kansas; of those, 147, or 51 percent, responded. According to the audit, more than a quarter of the 147 districts didn't have antivirus software installed on all computers. Only 34 percent of districts surveyed indicated they scanned computers for vulnerabilities at least once a month, while 35 percent said they never did. About 69 percent of districts stated they didn't have an incident response plan, while 59 percent do not require confidential data — such as Social Security numbers and other vital statistics — to be encrypted when sending it outside the district's network.
USD 383 technology director Mike Ribble said he responded to the legislative survey, and that the district is being "very cautious at the moment about giving out information on our security posture." He said the district is in a "good position" with cybersecurity, and added that "there's always room to improve."
The auditors recommended that lawmakers consider directing the Kansas State Department of Education to create minimum cybersecurity standards for school districts. KSDE does not currently require school districts to implement specific IT security controls. Kansas Education Commissioner Randy Watson said in a statement that setting such standards would require an increase in IT staff to implement the changes.
District officials have consulted with administrators from other Kansas districts that have been targeted by hackers. Reid said the district is "trying to anticipate" any potential cybersecurity breaches, and that Ribble is "very forward-thinking" in terms of preparing for any kind of cybersecurity threat.
"Anybody that has information in our system should want it protected," Reid said.
In other business, board members approved the purchase of 500 new iPads and 200 additional Internet hotspots to be checked out through schools. USD 383 administrators applied for a grant for Emergency Connectivity Funds (ECF) through the American Rescue Plan Act.
On Sept. 24, the district was awarded $193,563 in ECF money to pay for the new iPads from Apple, Inc., and hotspots from T-Mobile. The district will front $5,000 for a wireless network extension from Maryland-based education telecommunications provider Kajeet.
The purchase continues the school district's plan for providing digital devices to students on a 1:1 ratio. The board approved the 1:1 plan last summer during the height of the pandemic. In March 2020, district officials gathered information from parents and staff about their access to technology and broadband Internet. According to that survey, about 775 students did not have access to digital devices, while about 525 students did not have adequate Internet access, out of approximately 6,300 students across the district.
©2021 The Manhattan Mercury, Kan. Distributed by Tribune Content Agency, LLC.
