Gilbert Public Schools is frequently a target of cyberattacks, which is driving the district’s efforts for a more comprehensive cybersecurity plan, officials said.
“They are out there, and they outnumber us many to one,” GPS Network Systems Coordinator Ward Heinemann said about cybercriminals. “They don’t have to have a high percentage of success. … They can tolerate trying over and over and over again because they really only want that one success. It’s an ongoing thing that you just have to aware of.”
The topic was part of the work-study session for the district’s governing board Aug. 6.
GPS Executive Director of Technology Jon Castelhano said the payroll department has been hit several times this year by outside requests to change direct deposit information. The district has foiled the attacks by directly contacting the employee to see if the request came from them.
The attacks are increasingly sophisticated, Castelhano said. One computer worm that got into the system in March came from what appeared to be a routine invoice from a known vendor. The employee who downloaded the fake invoice had no reason to suspect it was not a real invoice, he said.
The worm spread in the accounting department and took several days to eradicate, Castelhano said.
The threats range from malware to ransomware, social engineering and phishing schemes, he said. Castelhano said the number of threats has grown steadily over time.
The district has a line for cybersecurity in this fiscal year’s budget for the first time. Its plan has five pieces—identify assets, protect assets, detect incidents, respond with a plan and recover normal operations. Those pieces have 108 subcategories.
“You can imagine how daunting that is to go through to develop a plan,” Castelhano said.
Among the items Castelhano underscored was partnering with other districts and Arizona State University’s information technology department.
“Arizona has a very tight-knit community when it comes to technology directors and CIOs [Chief Information Officers],” Castelhano said. “We share a lot of information and collaborate constantly on what are they doing, what are we doing.”
Castelhano also was part of the team presenting to the governing board the digital citizenship program curriculum that will be used in the district.
The curriculum comes from commonsense.org, a nonprofit that advocates for safe technology and media for children, staff members said.
The district has partnered with commonsense.org in the past, but this year’s K-12 curriculum is new with expanded tools for classroom use that will make the presentations more robust, Castelhano said.
Commonsense.org will put out the curriculum in the district through trainers for the teachers. The teachers have six lessons they can present. The topics are digital footprint, media balance, cyberbullying, online privacy, communication, and news and media literacy.
Teachers who present the lessons and schools where the lessons have been presented throughout the school will be recognized for their participation in the program.