It used to be that if students were truly desperate to skip a test, a fire alarm would mysteriously be pulled. To educational institutions around the world, this type of clumsy attempt to disrupt the learning process is probably known as the good old days.
While the leaps and bounds by which technology has grown have undoubtedly benefited the education industry, they have complicated a few things as well. The fire alarm trick may have been annoying, but one disgruntled student being able to take down a school’s entire network spells disaster.
Protecting educational institutions from cyberattacks poses a number of unique challenges that require layers of mitigation, but as a recent case study with the Corona-Norco Unified School District (CNUSD) in Riverside County proves, it can be done.
54,000 potential victims
As one of the biggest school districts in the state of California, CNUSD consists of 51 schools – 33 elementary, eight intermediary and eight high schools for a total of 54,000 students. So when online services are disrupted, that’s 54,000 students having their education impacted. And starting in March of 2016, the team in charge of CNUSD’s network and data center operations noticed an uptick in attempts to disrupt those online services using distributed denial of service (DDoS) attacks.
A DDoS attack is one that is undertaken with the goal of denying the use of a website or other online services – such as the online curriculum components necessary for STEM and blended learning. A DDoS attack does so by using a botnet, or a network of internet-connected devices hijacked for remote use, to aim large amounts of malicious traffic at the target, overwhelming its resources.
First the good news
Many DDoS attacks are the work of either attack groups trying to gain attention for their DDoS misdeeds, or cybercriminals using distributed denial of service attacks as distractions while intrusions and other serious hackings are perpetrated, often resulting in stolen sensitive data or financial information.
For many educational institutions including CNUSD, however, this doesn’t tend to be the case. The attacks on CNUSD were aimed at public-facing web servers, including grading web servers that can be accessed by parents. This pointed to students as the masterminds behind the attacks. While no DDoS attack is a good DDoS attack, a student getting into mischief ranks a lot lower than a cybercriminal looking for sensitive data on the threat scale.
Then the bad news
A disruption is a disruption, and a successful distributed denial of service attack can be a major disruption, especially when it can potentially affect 51 schools at once. There are two major factors working against institutions like CNUSD when it comes to these attacks. The first is that it’s never been easier for the average person to launch a DDoS attack thanks to botnet-for-hire services, which allow anyone with a few extra dollars and the desire to attack to take aim at the target of their choosing. The second is that a school district can’t separate its digital infrastructure from its learning environment without seriously limiting the privileges of students. So while CNUSD knew the threats were coming from inside the network, there was no easy catch-all solution that wouldn’t essentially punish all the students for the actions of a few.
The first solution
Knowing their own infrastructure support team already had their hands full, CNUSD needed a largely hands-off solution that could still provide the kind of specialized protection required by the school district. The online security team engaged a security analyst to find a solution that met these needs, and that analyst had an immediate suggestion: professional DDoS mitigation from Imperva Incapsula.
CNUSD quickly onboarded Incapsula’s DDoS protection for approximately 20 of its websites. Not only does this professional protection guard against attacks from within the network, but it also protects against attacks students could launch from their home devices or smartphones. Soon after deployment the CNUSD team noticed the attempted DDoS attacks increased in magnitude in an attempt to blast through the new protection. All attack attempts were easily mitigated.
The STEM and tech-heavy learning environment the school district promotes is a wonderful thing, but it perhaps backfired when the student attackers realized they should stop focusing their attacks on the now impenetrably-protected websites and turn those attacks against CNUSD’s internet connection. This rendered the organization’s Microsoft 365 unavailable as well as its cloud-based learning resources including Blackboard and Canvas.
Protecting these resources meant protecting the infrastructure, which meant onboarding the Imperva Incapsula Infrastructure Protection solution. Though this required a more complex onboarding process, the result has been stable protection that will prevent future outages.
Much has been made about how distributed denial of service attacks are on the rise against universities, but the DDoS threat against K-12 institutions is significant as well. This is a message CNUSD’s Director of Network and Infrastructure Brian Troudy is quick to spread at events, including at a K-12 school district technology consortium conference where he warned districts about the chance of these attacks occurring during California’s state-wide standardized testing in spring of 2017.
A number of districts have since engaged with the CNUSD security group to learn from their experience, and hopefully layered DDoS protection will become a must-have for educational institutions across the United States and around the world soon, forcing students to go back to the good old days of pulling fire alarms.