Ransomware has traditionally been a practice where cybercriminals encrypt data and demand ransom in exchange for a decryption key. More recently, a growing number of these bad actors threaten to make this information public if they do not get paid. This shift in the practice of ransomware has increased the "attractiveness" of K-12 schools for cyber criminals. Information about children is among the most highly protected data there is, making it more likely ransoms will be paid to keep it private. For this and other reasons, K-12 schools are seeing an increase in ransomware activity. In 2021, there were at least 62 reported ransomware cases as compared to only 11 in 2018. 2021 also saw ransomware as the most common cyber incident for K-12 schools for the first time ever.
What Gets Compromised in a Ransomware Attack?
An incident in 2020 involving Fairfax County, VA Public Schools resulted in employee social security numbers being posted online. Hackers targeting a school district in Allen, Texas emailed parentswith threats to expose their childs' personal information if educators did not pay a ransom. Showing the full swing of ransomware impacts from the serious to the mundane, a 2022 attack on the Griggsville-Perry School District in Indiana had many records compromised and leaked including a detention slip from December 2014 for a student who would not stop interrupting his health class. This shows the breadth of access that hackers had to documents and has led many schools to reexamine their file retention policy to reduce the amount of data accessible to bad actors.Continue reading →
There's no shortage of mandates and guidance related to modernization-PMA, Technology Modernization Fund, FITARA, Cyber EO, CX EO-pushing the government to update how they deliver services online, but what does it really mean, and what is involved?
Modernization in government began with transforming data centers and integrating cloud computing into government IT architectures and moved on to improving customer experience. Agencies have made inroads in all areas. The recent FITARA scorecard showed that data center consolidation goals have been completed. Cloud efforts have moved from Cloud First to Cloud Smart in an effort to ensure cloud was just not a checkbox but was being used to transform how the government consumes and distributes IT services. Citizen Experience (CX) has been a priority across three administrations with the next generation of CX efforts outlined in an executive order. These modernization efforts have resulted in billions of dollars in cost savings and increased efficiency for a government workforce that is now telework friendly, but the work is not done.Continue reading →
The battles of tomorrow will likely not be fought on the ground, they will take place in cyberspace as nation-states and rogue actors alike look to interrupt the everyday functions of a country via high-tech attacks. Recently we saw theRussian hack of software, designed (ironically) to help organizations monitor network problems and anomalies, which has the government and private companies scrambling to determine what data was compromised. With cyberspace being the new battlefield, data and data management have quickly become a strategic asset in the DoD arsenal.
Last fall, the DOD released the Department's Data Strategy. An overarching guidance on how they will manage, secure, and use data. This document supports theDOD's transition to "a data-centric organization that uses data at speed and scale for operational advantage and increased efficiency." The Data Strategy includes 7 goals, nicknamed VAULTIS, to becoming data-centric:
The development and use of Artificial Intelligence (AI) became official policy of the United States with the signing of an Executive Order in February. This order outlines and directs America's government-wide push to advance the use of AI through research and public/private partnerships. In the ensuing months, the Department of Energy has emerged as a leader in these efforts.
In September 2019, the DOE initiated the Artificial Intelligence and Technology Office (AITO) to help channel the department's vast resources across its national lab facilities. These efforts are paying off as DOE partners with Health and Human Services and Veterans Affairs as part of the COVID-19 Insights Partnership with the goal to increase data sharing and analysis in the fight against the spread of COVID-19. The DOE is also pressing ahead with private partnerships announcing the First Five Consortium with Microsoft, the Pacific Northwest National Laboratory, and the Defense Department's Joint Artificial Intelligence Center (JAIC). Together they will develop AI-based solutions for data-first responders.
According to the group, this event comes just as the Defense Forensics Enterprise takes shape and procurement procedures shift from ad-hoc funding to budgeted expenses. Established by the Department of Defense, the Defense Forensics Enterprise exists to expand the scope of defense forensic capacities and to synchronize efforts among federal agencies and armed forces.