School Systems Should Make Sure They Have DDoS Protection

Schools need cybersecurity Blog

Cybersecurity for K-12 school IT systems is important during ordinary times, but these are not ordinary times. As the COVID-19 pandemic forced many schools across the globe to adopt online/distance learning, it is more important than ever for their IT managers to ensure network security and uptime. Online education is difficult enough without the chaos caused by cyberattacks, especially attacks that disrupt teaching and learning. Pre-pandemic cyberattacks on school systems were not uncommon, but they have increased in the past year. In December 2020 several US federal government agencies issued a Joint Cybersecurity Advisory, to warn that threat actors have increased their targeting of K-12 school systems to steal data or disrupt online learning via ransomware, malware, video conference hacking, and distributed denial of service (DDoS) attacks.

In the past year there were several incidents of DDoS attacks on school systems in the US, that overwhelmed networks with traffic to force them offline or slow them down. Recently, Miami Today News reported that the Miami-Dade school system may sue its Internet Service Provider for failure to block the DDoS attacks that plagued the schools for the first week of the 2020 fall semester. The school suspected the cause was a DDoS attack, and thought they had DDoS protection; the school system’s Chief Auditor claims that the ISP, Comcast, was under contract to provide DDoS protection all along. According to Miami Today News, “It wasn’t until the morning of Sept. 1 that Comcast determined that the district was, in fact, the victim of DDoS attacks and that the district was not configured by Comcast for automatic [protection] as contracted.” Online outages lasted for a week until Comcast engineers and the district set up an “always on” system blocking DDoS attacks.” The hard lesson here for school systems is that they should make certain, and not assume, that they have always-on, automated, real-time DDoS mitigation. Responding to the crisis takes time and money, and disrupts operations, but lack of clarity about what kind of protection you do or do not have can make the post-incident resolution more time-consuming and expensive, especially if it involves litigation.

This incident also serves as a reminder to ISPs that they 1) can protect their downstream customers from DDoS attacks and 2) should abide by their service level agreements (SLAs) to provide that protection. Although incidents such as this may be unusual, and litigation may be even more rare, ISPs can suffer damage to brand reputation for failure to meet their SLAs. The pressure for ISPs to perform is greater than ever, because the pandemic has made service availability crucial to remote workforces and education systems alike that depend upon the Internet to conduct business.

It’s worth noting that a 16-year-old was charged with executing the DDoS attacks, and used an online service to execute the attacks; neither fact is surprising, since students are often the threat actors to launch attacks against their own school district or university, and DDoS-for-hire services are easy to find, and inexpensive to use.

Even as normal academic life resumes, school systems are still vulnerable to DDoS and other forms of cyberattacks, given that threat actors have an arsenal of sophisticated weapons which they are increasingly using to target victims in nearly every sector and industry.

For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments. For more on Corero’s flexible deployment models, click here.  If you’d like to learn more, please contact us.

Sean Newman is VP Product Management, responsible for Corero’s product strategy. Sean brings over 25 years of experience in the security and networking industry, to guide Corero’s growing leadership in the real-time DDoS protection market. Prior to joining Corero, Sean’s previous roles include network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.