The STEM misdirect and rise of Cyber Infrastructure in K-12.
In today’s mobile learning environment, success is not solely based on the technology and how innovative educators and institutions are with it but how smooth the experience, from a reliability, performance and a security perspective. With E-Rate and Grants focused at the latest networking technologies, School Districts are already well into revolutionizing their school environments. But is security really topping the list on these efforts? Are we making the right preparations and decisions when it comes to the threats that all digital education environments face? I mean, not just the IT people but the legislators, the board members, the curriculum and academic leaders?
IT Knows Security is Vital
My recent travels have given opportunity to talk with numerous educational organizations – one thing stands out – IT security is very important to everyone. Multiple new education demands such as deployment of one-to-one programs, the pressure for online assessment tools to work without fail and the increased amount of education technology being tied to student success, are all giving rise to new questions. Questions like “is it really safe”, or “is it secure” are to be fielded solely by technology departments.
One school I talked to said they had recorded over 80,000 denial of service attacks in a week, internal and external attacks. The threat is very real when you look at the type of consequences (see the case of a Breach at Nashville Metro School District- http://www.databreaches.net/tn-tbi-investigates-possible-theft-of-6000-state-metro-employees-personal-info/)
Balancing EdTech and Personal Learning with Security
So are all Educators aware of this? In my travels I did find an alarming number of Academic & Instructional technologists who were not aware of the threats that we have in our midst’s, or of their contribution to that threat. Where a teacher-driven device or EdTech centric one-to-one program has been successful, it also has been backed by plan to strengthen the school network and security. But the influx of STEM devices and learning technology is a bit of a blind spot. Of course, School departments do not look at the devices or applications in isolation, but as supplementary didactic tools to help teachers teach. So they are secured at the physical access level in the most part.
The issue lies in the advice on how to protect, influence or build a classroom environment, one that will ultimately deliver personal learning, allowing the use of education technology without restriction means innovators in education are pushing the IT envelope. Of course, that ideology is inherently open and unsecure.
Internet of Things and the STEM Misdirect
On top of the mobile devices, the cloud learning applications and the crisscrossing of digital footprints with social media (Parents, teachers, students and staff), we have to add the education technology’s synergy with Internet of Things (IoT) in to the melting pot. The IoT revolution may seem just starting in some industries but Education is already matured thanks to the STEM programs. For example, take a look at the STEM classroom full of Raspberry PIs, Robots and gadgets to help students learn through innovation, and you will see a real internet of things in action. Maker labs and STEM programs in school are not the only IoT in K-12, Look at the increased use of IT building management devices that help secure, notify and protect a campus (IP connected cameras, door sensors, locks, etc). The issue is not limited to admin or academic devices, but now education, operational and physical related devices connected to the school network.
What do I really mean? So every device in IoT is IP connected, carrying a MAC address, an IP stack and the ability to transport information across the network. In fact, however non-threatening those Raspberry PI kits or programmable robot are, they are a way in, a weakness to exploit for any hacker. They can punch holes in the security of a network with their naturally open source make up.
By simply taking the USB IP connector from a STEM computer kit, and plugging it into a laptop, I am cloning that STEM device. This “unthreatening” device is, welcomed on the school WLAN as an education tool however now I am on the network via my quad processor hacking device, and have opened the door for a breach.
Okay so I may sound like I am scaremongering, but in recent studies education organizations are top of the lists for cyber breaches and attempts. Higher Education actually comes out at 105% above the national average in terms of cost per breach. I call this the STEM misdirect. K-12 school systems are a lot harder to quantify the threat and effect, but impact must have a more emotional impact as we rush to be the best at STEM.
( See this IBM report, and articles)
The Catch 22
Here is the dilemma, what is the balance? How do schools adopt the innovative direction that digital learning and STEM offers our future generations, without compromising the security. Or offer the highest IoT security without compromising the learning environment that must be created for these students to be successful in the future world? A real catch 22.
STEM is important for all our futures, so we must continue to support the trend of education technology in the classroom 100%, but we need to tread carefully. We need to educate the superintendant, the school board, even the teachers themselves on the impact and consequences of these cyber threats, especially in response after any breach or incident. The new school environment is going to be a lot harder to protect.
The directors of technology have the responsibility to ensure the school networks deliver on reliability, security and capabilities. Our school boards, suffer the STEM misdirect because they don’t totally understand the consequences or the necessary preparations needed in today’s cyber world for the sophisticated hacker. Yes the academic people have better understanding of technology-assisted teaching and its impact on the teacher, the student and the parent, but the blueprint for dealing with breaches, and the lasting effects of any attack is not in their field of vision. This is mainly because classroom technology should be designed around the teacher and the student relationship, regardless of device chosen to assist in learning, and the IT team should worry about everything else.
The Third Wave of Threats
I recently heard Carlos Solari, CIO of Mission Secure Inc., talk about the waves of threats that we have lived through in IT. He talks about the second wave of hacking being mature and in full operation, a wave most in IT are very familiar with. He claims the third wave, one that focuses on IoT devices and operational instruments, is a more serious wave. He indicates that the fourth wave, one that is an eye opener, is not far away, but we should walk before we run. I took this as to indicate that where we have build our school networks to deal with wave 1, and wave 2 (Firewalls, access control, traffic anomaly detection etc), that we are not focused on the wave 3 threats that STEM, 1 to1 and other digital initiatives can let in. Wave 3 is one that focuses on eliminating the STEM misdirect.
Building the Right Foundation
SO what are the recommendations? There is no one size fits all magic solution, no out of the box product that fixes everything, protects everything, and makes this issue disappear. As a Vendor, we look to a range of features and technology supported inherently in the equipment itself, at the foundation of the school network. These increase the security of the IP network:
• Policy management,
• Unified Access controls,
• hardened equipment,
• Code Guardian - http://www.lgsinnovations.com/wp-content/uploads/CodeGuardian-Overview.pdf
without stopping progress with education technology. This is vital to secure from the ground up while freeing the creativeness of the educators.
The next step will be educating the executive, the school boards and the school stakeholders about this new phase in IT cyber security. For my part, I will be sharing my finds in blogs like this, getting on the road to speak with experts, attending conferences, meeting with schools and speaking at regional events (such as upcoming speaking opportunities about the rise of the K-12 Cyber Infrastructure).
We will be focused on recommendations on how to build the right K-12 network foundation, the new cyber infrastructure for schools, one with teachers and students at the heart, and one that is protected to the highest level.
This information on the latest technology steps we and our partners are developing (such as our new Code Guardian, last line of defense). See https://www.al-enterprise.com/en/perspectives/strategies/security
This plus our commitment to education customers means we will work with the school CIOs and superintendants, to help develop the school environments of the future, a unhindered pathway for all students to a better life. Starting with educating the educators.
Whether a primary, secondary, or post-secondary institution, collaborating with professional first responders in a time of crisis is a requirement.
Our mass notification solution supports message delivery to multiple devices for real-time mass reach and enables recipients to respond if they are safe.
Raising awareness of a campus safety event is not a trivial task given the disparate sensors & alarms that may be involved. It requires an integrated approach.
Digital transformation helps businesses improve the customer experience, increase employee efficiency and accelerate decision making.
Threats arise quickly and evolve fast. Proactive security solutions that can prevent, detect and respond rapidly are crucial to the aviation industry.
It’s not just millenials; every generation, including baby-boomers, are driving enterprises to shift to collaboration tools from the cloud.