BURIEN, Wash. — Highline Public Schools (HPS) said classes will be canceled again on Tuesday as it works to investigate "unauthorized activity" on its technology systems.
The district said it detected the issues over the weekend and took many of its programs offline to address the issue. It did not confirm that it was a "cyberattack."
"Student safety is our number one priority and there are a lot of systems we rely on in schools we've cut off access to as we investigate," said Tove Tupper, HPS chief communications officer. "For transportation, we use a system to know where buses are going, we need access to that tool. Attendance tracking, there's a system we need access to. It's not that those systems have been compromised at this point, it's that we've shut off access to those systems."
While Highline has not confirmed whether this was a a "cyberattack," more districts are dealing with tech breaches of that nature.
A report from the US Government Accountability Office said cyberattacks on K-12 schools have increased in recent years. According to the agency's research, loss of learning following a cyberattack can range from three days to three weeks, with full recovery taking anywhere from two to nine months. The agency said financial losses can range from the tens of thousands to around $1 million, depending on the extent of the issue.
Dr. Erik Moore is the program director at Seattle University's Online Master of Science in Cybersecurity Leadership. He served as the executive director at a school district overseeing and developing cybersecurity and infrastructure.
"Services like [schools], much like hospitals, have a level of urgency to them and they must respond quickly to maintain their services, and when ransomware comes in they're looking to force a situation where you'll need to pay a ransom to recover," Moore said. "I really respect [Highline] school district's response a lot. I thought they were saying some really good things- one was that they're having a cyber attack, they want you to know that, they're giving you a estimate for how long they think it's going to take, and they're really deciding to cancel a lot of services."
Moore said communication is key-- and so is acknowledging the inevitability of cyber attacks in today's technology landscape.
"Eventually we're going to have to have cyber snow days," Moore said. "I think that gives the idea in people's mind to be realistic about the fact that [attacks] do happen sometimes and you have to take a pause to make sure things are safe."
Work is underway to share information across districts, spread awareness about attacks and push for policy solutions to support school systems.
Doug Levin is the director of K12 Security Information eXchange, or "K12 SIX." He said despite misconceptions that schools aren't targeted because they don't have deep pockets, most cybercriminals are looking for money.
"If they can't extort money from a school system by shutting it down, they will try to repurpose that data on the dark web and it can lead to identity theft," Levin said. "People misunderstand- sometimes young children's data is actually more valuable to cyber criminals and identity thieves than that of adults because they have pristine credit records that aren't being monitored as closely as yours and mine."
He recommends parents consider freezing their children's credit as a precautionary measure. But his main focus is working with districts across the nation. K12 SIX offers training and education resources, along with providing policymakers with information to support increased funding for cybersecurity infrastructure.
"Schools are always cash strapped and this year is no exception, and this is a new cost for schools in the 21st century here," Levin said. "We rely on technology for everything we do in the classroom but also back office and district operations."