Every two weeks, Keeping K-12 Cybersecure–the newsletter of the K-12 Cybersecurity Resource Center–curates the best cybersecurity and privacy news for K-12 policymakers, administrators, IT professionals, and privacy advocates. The latest edition (“On School Board Leadership“) provides information on recent updates to the K-12 Cyber Incident Map, other additions to the Resource Center, and curated news you can use.
Here’s your reading list for articles published during the first two weeks of October 2018:
- ICYMI: Amazon, Google, and Facebook, oh my.
- Security expert Kenn White took to Twitter to describe how his (grounded) daughter foiled his locked-down Chromebook’s security to access the technology to which she was supposedly denied. A fascinating read.
- The story of student hackers and poor cybersecurity practices in Rochester Community Schools (MI) took a few twists and turns since it was first reported by the K-12 Cybersecurity Center. In advance of a Detroit News story (““Student hacker shows holes in K-12 cybersecurity”), the district (finally) publicly disclosed the incident to community members. A couple of weeks later, the story was picked up and syndicated by the Associated Press (“Michigan Student Hacker Shows Holes in District’s System“). However, it appears as the story has gained a greater audience, so too has it lost a lot of nuance (and even some factual accuracy). It’d serve as a great case study for journalism and media literacy classes.
- While I almost skipped over this October 10 story from Oregon Public Broadcasting as a retread of an FBI security alert (“FBI Warns Schools To Protect Student Data From Cybercriminals“), it turns out to offer a detailed look at student data security issues across the state of Oregon, including at the state department of education.
- I’ve been captivated by the release, reaction, and follow-up to a big security story reported by Bloomberg (“The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies“) on October 4. In short, the story profiles alleged hacking involving the manipulation of server motherboards by a nation state actor. Denials from the companies involved has been swift and strong, as have the reactions of independent information security experts. Denials of the specifics of the reported story aside, what makes this fascinating is that the alleged attacks are apparently quite feasible. Coupled with recent reports of other CPU-based hardware vulnerabilities, one is left wondering to what degree we can trust the computing hardware in our lives no matter how good our software and network security may be. This is fine, as the meme goes.
- The Data Quality Campaign is out with its latest review of state student data privacy legislation (October 2).
Be sure to check out the full newsletter and sign-up to ensure you get all the latest news direct to your inbox. And, as always, please contact us with any feedback, tips, or suggestions.