The upgrades include multiyear renewals of firewall and antivirus protection as well as backup software and an additional layer of IT security the district has been lacking — IT security awareness training for employees.
Board members meet Tuesday to consider approval of the expenses.
"Public entities are being attacked with ransomware, malware and malicious computer viruses at a staggering rate," board documents state. "It is imperative that IT security remains a top priority and focus for Rockford Public Schools now and every year going forward. IT security awareness training is the most critical component of their initiative to mitigate threat opportunities."
In this most recent attack, Rockford Public Schools experienced trouble with its phone and internet services Friday morning. A regular school day was held, and classes resumed Monday despite ongoing districtwide outages and concerns from some parents that the outages could put children in danger.
"Communication was a big concern," said Kelli McDorman, the parent of three RPS students. "What if a school goes on lockdown? Will the tornado drills (alarm system) work?"
McDorman said she allowed her kids to go to school Monday after she sought input from other mothers, relatives and her children, ages 3, 14 and 17.
Dozens of people took to social media over the weekend raising similar concerns, speculating on the cause of the attack and wondering if parents and employees should be worried about identity theft.
'This is a challenge'
The district's website is down. Emails are not working. Student attendance is being taken by hand. Staff has been ordered to not use any district-issued computers or laptops or other systems like Google Drive and Google Classroom until further notice.Measures of Academic Progress testing scheduled for Monday has been postponed, officials said. Students use computers to complete MAP tests, which are taken in grades kindergarten through 12th grade.
"Parents need to understand that this is a challenge, and the district is going to do everything possible to keep our information and our children safe," said board president Ken Scrivano. "We can make emergency calls. Our buildings are secure. Our locks are functioning. ... We strongly believed that we need to keep our schools open and provide an education for our kids."
"We can call all of the schools," said Mel Gilfillan, president of Rockford teachers union. "There are cell phones in all of the administrators' hands. There are walkie talkies in school staff hands. Of course, we want to make sure all of our teachers and students and staff are safe in the buildings, and I do feel everybody is safe."
Teachers have had to make significant changes to lesson plans that involved the use of computers and other technology such as Smart Boards, Gilfillan said, which have replaced chalk boards in almost all classrooms.
"What this has done is really shown us that teachers have to think on their feet and have to adapt," he said. "They do the best they can at a minute's notice because every day something different can happen in the classroom. ... It's kind of been like going back in time."
'A big worry'
Ransomware is a type of malicious software, also known as malware, that is designed to deny access to systems or data until a ransom is paid. It often is spread through infected emails and websites.Outages are expected to continue throughout the week.
The district has not released any information on who is responsible for the attack, how it happened or any terms of ransom. Officials said the matter is under is investigation. They would not share information about the ongoing probe.
Teachers — as well as some parents on social media — have raised concerns about teacher and student personal information such as Social Security numbers and whether hackers gained access to that kind of information during this attack.
"It's a big worry, but we can't say," Gilfillan said. "We haven't been clued in on that."
Scrivano said the district's telecommunications systems were shut down quickly — "as soon as they realized what was going on" — and he believes that may have protected personal information.
"We don't believe that information went anywhere," Scrivano said. "To date, that is what we know, but it's important to remember that this is an ongoing investigation, and we are getting another update tomorrow."
Some of the district's expenses related to the ransomware attack should be covered by insurance, Scrivano said.
'A huge problem'
More than 4,000 ransomware attacks have occurred daily since Jan. 1, 2016, according to the FBI. That's a 300% increase from the approximately 1,000 daily attacks in 2015.Rockford Public Schools, which serves roughly 28,000 students in 47 schools, is one of dozens of government bodies and school districts across the country that have reported such attacks in the past year.
The district would not confirm whether it's working with local, state or federal law enforcement agencies as part of its investigation. It's hired a computer forensics firm, CDW, to work with its information technology team to restore access.
"Our No. 1 priority is the safety of our students and staff. This includes protecting staff and students' data and information," the district said in statement Monday afternoon. "We are working to get a complete picture of this incident and understand any impact to our data. We will provide additional updates and information when they're available.
"All RPS 205 schools and offices will remain open during the outage. We have shared plans for the week with our principals, and we are working hard to ensure this outage has minimal impact on our students and their education."
RPS had another ransomware attack on July 24, according to the district's executive director of technology Jason Barthel. Barthel told school board members last month that a ransomware attack caused an email archiving system to fail. The district purchased a new email archiving system for about $45,000.
"This is getting to be a huge problem," board member Mike Connor said during the August meeting. "Everybody should expect that we're going to have more of these. There is no one and done when it comes to security and particularly when it comes to hacking or anything like that kind of activity."
Scrivano said the July attack is not related to the most recent attack.
"That is what I'm being told," he said. "That they are totally separate issues."
©2019 Rockford Register Star, Ill. Distributed by Tribune Content Agency, LLC.
