On the first day of virtual learning, Humble ISD servers were reportedly hit with a cyber attack. Elizabeth Fagen, the school district’s superintendent, shared a tweet in response, labeling the instance as a denial-of-service (DoS) attack:
The My Humble server is currently experiencing a cyber attack called denial of service. We are working to isolate and resolve. Zoom, websites, adult emails etc. all working fine. Our extra security for students requires them to go through My Humble. @HumbleISD If on, stay on. 🙂— Liz Celania-Fagen (@ElizabethFagen) August 11, 2020
Accudata cybersecurity partner Palo Alto Networks defines this type of attack as “an attack meant to shut down a machine or network, making it inaccessible to its intended users.” DoS attacks accomplish this by flooding the target with traffic or sending it information that triggers a crash.
In this instance, students were locked out and unable to sign in to Humble ISD’s My Humble platform. Many parents replied to Fagen expressing their concerns and questioning if the district was even prepared:
You were wholly unprepared for this. My online 9th grader is about to be “tutored” for all pre-ap. Why are you punishing the kids who chose online ?— The Kate B (@beastiechild1) August 11, 2020
Please let us know when this is resolved! My child can’t sign in!!!— Selene Cerda (@selcer1130) August 11, 2020
I suppose there is no Denial of Service Response plan?— Joe Hellsten (@SQLTex) August 11, 2020
Why wasn’t this tested. You all knew how the AP exam went technology wise...— Tanya Sorensen (@Tsorengrist) August 11, 2020
We asked a leader within our Risk and Compliance team, Josh Berry, for his thoughts on the attack. Feedback received tells that this may not have been an attack at all. Instead, Humble ISD may have been operating within a network not suitable for a surge in users as virtual learning creates.
What were your immediate thoughts upon hearing about the Humble ISD cyber attack on their first day of virtual learning for the school year?
Given the limited resources of most school systems, I wouldn’t immediately assume it was a cyber attack. DoS attacks aren’t very technical in nature and often just rely on sending a large volume of requests to a server such that the server or network devices in between cannot keep up with the traffic. This may have been an attack but could also easily be a student disrupting the network or a lack of adequate/redundant systems.
How do you think this type of attack could have been prevented?
This attack really can’t be prevented, but the likeliness could be reduced by implementing redundant, clustered, load-balanced systems that spread the requests. A service like Cloudflare can be used for web-related systems to further limit the impact of a DoS/DDoS attack. Load testing should also be performed to ensure the system can handle more than the maximum peak load.
What should other school districts or big organizations learn from this incident?
I’m not sure there is a whole lot to learn. This type of attack is performed pretty regularly and has been common for a very long time. There wasn’t anything really unique about it, nor was it particularly large in scale compared to some of the other ones that have made the news. The most unique thing is that since many schools are all or primarily virtual right now during COVID-19, it could have a greater impact on the school system’s ability to deliver quality education (quality is already difficult in an online format), as these attacks are easy to accomplish and students might be tempted to try to delay/disrupt school using this technique.
The Humble ISD incident hit close to home due to its nearby location, but school districts nationwide have been facing cyber attacks and server issues caused by the increased volume of users attempting to access. No matter the case, plans should be in place to quickly repair the situation to reduce downtime and continue productivity.
It’s impossible to eliminate cyber risk, but Accudata has made it a priority to help clients reduce their known risks. Our security and compliance consultants are certified to reduce risk and exposure to protect company assets from cyber threats. For more information on our cybersecurity services, visit http://accudatasystems.com/secure.