Archive for month: June, 2017
Makerspaces: Overcoming the Barriers to Adoption to Join the Maker Movement
Makerspace refers to a location that people can gather to share resources, brainstorm. collaborate and build. The purpose of a Makerspace is to provide tools and space in an environment that allows those participating to learn from each other through hands-on experimentation. When applying this concept to K-12 institutions. the movement results in a new level of creativity, problem-solving and innovation.
In our rapidly advancing world, schools must prepare students to solve problems their teachers have not anticipated and build skills for jobs not yet created. Makerspaces offer the most powerful educational context to meet these challenges: collaborative, project-based learning. new technologies, and repurposed spaces converged to put learning in the making. Makerspaces not only build and support 2020 workforce skills. they develop lifelong learners.
Throughout the past decade, many K-12 schools have struggled to incorporate technology into the classroom. The first step for these schools to fully embrace Digital Learning Convergence (DLC) is to create Makerspaces in an effort to improve the educational experience for students and accelerate learning. Staff and administration should consider creating areas where their students have the ability to imagine the impossible and challenge not only themselves but also each other.
Becoming DLC is not only defined as moving from text to digital, but also extending a 1:1 ratio by equipping every student with a smart device.
Understandably, this can be a daunting transition for schools, especially in larger districts; the implementation of Makerspaces serves as a gateway.
Often times, institutions do not have the time, resources, skill sets or funding to create successful Makerspaces without assistance from professionals in the area. Schools looking to join the Maker Movement struggle to overcome barriers to adoption and are unsure how to begin the process. Identifying and understanding these obstacles is important before choosing the right partner necessary to help navigate this critical movement and ensure a successful Makerspace.
Learn more about makerspaces through our white paper.
Hack attacks show that Florida schools are vulnerable
The attempted infiltration of some school districts, including Miami-Dade’s, was aimed at stealing Social Security numbers and other ID info but also at trying to access state voting systems, says a cybersecurity firm.
June 18, 2017
By Kyra Gurney
The operations center at UDT, the cybersecurity company that investigated the attempted hackings.
Two months before the U.S. presidential election, international hackers slipped into the computer systems of at least four Florida school district networks in the hopes of stealing the personal data of hundreds of thousands of students.
They infected the systems with malware — malicious software — that turned off the logs recording who accessed the systems, according to UDT, the Doral based cybersecurity company that investigated the incidents. For three months, the hackers probed the systems, mapping them out and testing their defenses. At one point, they even posted photos of someone dressed as an ISIS fighter on two school district websites.
They weren’t just looking for the names of kids and valuable Social Security numbers, UDT found. The hackers were also searching for some way to slip into other sensitive government systems, including state voting systems.
Luckily, the hackers — from Morocco, not Moscow — never found one or managed to get their hands on personal data. But the attempted hacking exposed the vulnerabilities of Florida’s school district networks: vast computer systems that store sensitive information on thousands of students, and their parents, and could potentially provide a back door into other government systems. Amid the national obsession with the alleged Russian hacking during the U.S. election and the constant stream of headlines on corporate data breaches, like the ones at Target and Chipotle, experts say the dangers of cyber attacks targeting school districts are being overlooked.
School districts around the country have been hit with cyber attacks in recent years.
In 2015, for example, the computer system of a New Jersey school district was held for ransom by a foreign hacker who demanded 500 bitcoins — about $128,000 — to hand control of the system back to school administrators, according to the technology news site FedScoop.
In a separate incident that year, three high school seniors in New York were accused of hacking into their school’s computer system to change grades and schedules.
And in Florida, state standardized testing was interrupted in 2015 when hackers overwhelmed a testing vendor’s server with traffic, making computer screens go blank. Students in Florida, like their peers in other states, have also broken into school servers to change grades.
Verizon’s 2017 Data Breach Investigations Report, which provides a snapshot of cybersecurity incidents across the country, recorded 455 “security incidents” in the education sector last year.
There are hackers — like students seeking to change grades — who specifically target schools. But in most cases, they aren’t after a particular government agency or company, said Mike Sanchez, chief information security officer at UDT. “Unless they have a real motivation to bring you down, they’re looking for the low-hanging fruit, they’re scanning for vulnerability,” Sanchez said.
And for hackers, school networks are a gold mine.
A large school district like Miami-Dade, which was one of the districts targeted in the attempted hack last fall, handles the personal information, including Social Security numbers, of hundreds of thousands of current and former students, along with data on thousands of employees and parents.
Unlike corporations with trade secrets and data to protect, many school districts have set up systems to make connectivity easy. With free Wi-Fi in school buildings and a generation of students glued to their smartphones, there are thousands of opportunities for a hacker to gain access to a school network. Students downloading free apps on their phones or hopping from one school computer to the next can spread a computer virus faster than the flu during flu season.
“There’s always this want to have open access and it is a learning environment so some things that corporate America does just by rule we wouldn’t apply in an education environment,” said Paul Smith, the Miami-Dade school district’s director of data security. “We’re talking hundreds of thousands of devices on our network. That’s one of the challenges that we face.”
And the data school districts handle is particularly valuable to cyber criminals.
“If you’re trying to steal identities or cobble together identities, if you can get a person’s name, date of birth, home address, you’re starting to get a fairly complete record,” said Michael Kaiser, the executive director of the National Cyber Security Alliance. “Think of the things school districts have — it’s more than many businesses.”
Students’ Social Security numbers are particularly valuable, said Yair Levy, a professor at Nova Southeastern University who researches cybersecurity.
“High school kids, almost all of them have a very clean slate when it comes to credit scoring. So they’re trying to gain access to a large volume of teenagers’ [information] that can help them down the road,” he said. “These guys have time. They’re willing to wait a year, two years before they can actually monetize that data.”
And on the dark web, these Social Security numbers sell for $25 to $35 a piece, Sanchez said. The information from just one school could easily be worth more than $10,000.
HACKERS DRESSED AS ISIS FIGHTERS
That appears to have been one of the principal motivations for the hackers who sent malware to Florida school districts last fall — the promise of thousands of untarnished Social Security numbers.
The attacks began with an email message containing an image that, once clicked, activated a code that sent malware into the system.
The malware went undetected for several months as the hackers conducted reconnaissance, according to UDT.
Then in November, a photo of someone who appeared to be one of the hackers dressed as an ISIS fighter went up on a school district website. It stayed there for about 24 hours. The following month, the same photo flickered onto another school district’s website.
The districts contacted UDT, and in early December the company discovered the malware.
What they found was troubling.
The hackers had been able to turn off the logs recording who entered certain computer systems and what they did while logged on. That made it difficult for the UDT analysts to know, with total certainty, what the hackers had done. It was a sophisticated maneuver that Sanchez and his team had never seen before.
UDT contacted the FBI and re-engineered the malware so it was no longer a threat. The analysts found no evidence that any data had been taken. The FBI declined to comment on the incidents or on cyber crimes in general.
Smith said Miami-Dade was one of the districts targeted in the attempted hack, but UDT would not identify the other school districts. The hackers also targeted a Florida city network with a similar attack.
In Miami-Dade’s case, Smith said, the hackers put one of the ISIS-inspired photos on a school district website, but Miami-Dade didn’t find any evidence of malware or access to its computer systems. “I would say if anything, it was an attempted hack,” Smith said. “But it was raised up to law enforcement and we did go through all the systems.”
SEARCHING FOR STATE VOTING SYSTEMS
As UDT conducted its investigation, the company learned that Social Security numbers weren’t the only thing the hackers appeared to be after.
On a site hackers use to brag about their exploits, the hackers said they were trying to get into voting systems hosted by Diebold voting platforms. They wanted to bring down what they thought were state voting systems.
But in this case, the hackers did not appear to be Russian. Instead, UDT identified them as a Morocco-based group called MoRo. UDT said there is no evidence the hackers had any connection to the Moroccan government.
The Moroccan hackers were far from the only ones trying to access election systems last fall. Russian hackers tried to break into the computer systems of at least five Florida county elections offices days before the 2016 presidential election.
By the time the Moroccan hackers posted online about voting systems, in December, the election had come and gone. The hackers never found what they were looking for. But their message was clear, Sanchez said. If they wanted to, the hackers could get into school district systems. And once they get into one government network, cybersecurity experts say, it’s easier for hackers to find a back door into others.
“That is a very common tactic,” Kaiser said. “A school district network almost likely is attached to other networks in the town or city or even the state, depending on how the network is set up.”
For example, a hacker could steal the log-in information for a system administrator who also has access to other government networks, Kaiser said, or use that person’s email account to send emails infected with malware to government employees at other agencies, tricking the recipient into believing the sender also works for the government.
“There are a lot of different techniques that they might use in that situation and getting into the network opens all of that up,” Kaiser said.
Sanchez from UDT said that in mapping out school district networks, the company has discovered connections between school computer systems and different county and city systems. The connections are easy for school districts, “caught up in the day-to-day stuff,” to miss, Sanchez said.
“Sometimes the school districts don’t have all of the right tools in place or the right knowledge to map out these networks,” he said.
It’s impossible for school districts to protect against every potential threat, experts say.
For one thing, everyone from the cafeteria worker to the school principal has access to at least some student information.
In 2014, a fired Miami-Dade schools cafeteria worker was sentenced to almost seven years in prison for stealing the personal information of hundreds of students from a school computer network and using it to commit income-tax fraud. A few years earlier, a Broward Schools employee was sentenced to five years in prison for selling teachers’ Social Security numbers and dates of birth to identity thieves.
School districts also typically have tight budget constraints, which impact their ability to hire a big enough cybersecurity team and pay for the necessary tools to protect school networks.
“Security is always a tough item in the budget because a lot of it is proactive,” Smith said. “A lot of it isn’t things that you see huge benefits or direct results from. It’s almost like insurance. You’re buying it hoping that you’re going to prevent things in the future.”
Miami-Dade has a team of six people focused just on cybersecurity, and another 20 who help with cybersecurity issues in addition to other tasks.
The district has dumped older operating systems and applications that are difficult to secure and added new tools to identify where attempted hacks are coming from, said Debbie Karcher, the district’s chief information officer. Miami-Dade has also made an effort to educate employees and students about cyber threats, Karcher said, and even offers cybersecurity programs at some high schools.
“People need to become acutely aware that their digital security is as important as their home, valuables in their home,” Karcher said. “They take great care to lock their homes, lock their cars, but then they’ll click on emails that they don’t recognize the sender, they don’t use good passwords.”
The district has also restricted the data employees have access to in order to prevent breaches like the ones carried out in the past by unscrupulous employees, Smith said.
But, like any large organization, Miami-Dade still worries about cyber attacks. “As far as breaches through our data systems, we haven’t seen evidence of that on our side,” Smith said. “That’s always a big fear. We hold every student’s [personal information].”
It’s a worry Sanchez wishes more school districts shared. To effectively prevent cyber attacks, he said, administrators first have to recognize the seriousness of the threat and prepare their employees accordingly.
“Sometimes I just scratch my head and think, ‘Are these people asking the right questions or do they just not want to know? Is it safer not to know?’ I think for me we’re messing with kids’ information. Little Johnny, by the time he finds out his credit is ruined, it’s too late.”
UDT Named to CRN’s 2017 Solution Provider 500 List
DORAL, Fla.–(BUSINESS WIRE)– UDT, a leading national provider of technology solutions and managed services in the United States, announced today that CRN®, a brand of The Channel Company, has named UDT to its 2017 Solution Provider 500 list. The Solution Provider 500 is CRN’s annual ranking of the largest technology integrators, solution providers and IT consultants in North America by revenue.
The Solution Provider 500 is CRN’s predominant channel partner award list, serving as the industry standard for recognition of the most successful solution provider companies in the channel since 1995. This year, for the first time since 2010, the complete list will be published on CRN.com, making it readily available to vendors seeking out top solution providers to partner with.
CRN has also released its 2017 Solution Provider 500: Newcomers list, recognizing 58 companies making their debut in the Solution Provider 500 ranking this year.
“We are honored to appear on this list again, since it’s symbolic of our continued commitment to innovation and helping our customers maximize their investment in technology,” said Henry Fleches, CEO and Co-Founder of UDT. “Our organization continues to grow significantly in all areas but especially around Cybersecurity, Cloud and Mobility! The team at UDT is deeply committed to our customers and their specific business outcome needs. I am extremely proud of our team and our accomplishments.”
“CRN’s Solution Provider 500 list spotlights the North American IT channel partner organizations that have earned the highest revenue over the past year, providing a valuable resource to vendors looking for top solution providers to partner with,” said Robert Faletra, CEO of The Channel Company. “The companies on this year’s list represent an incredible, combined revenue of over $318 billion, a sum that attests to their success in staying ahead of rapidly changing market demands. We extend our sincerest congratulations to each of these top-performing solution providers and look forward to their future pursuits and successes.”
The complete 2017 Solution Provider 500 list will be available online at www.crn.com/sp500 and a sample from the list will be featured in the June issue of CRN Magazine.
@TheChannelCo names @UDTCorp to @CRN 2017 SP500 list #CRNSP500 www.crn.com/sp500
UDT is a technology enabler that helps clients in major industries evaluate, architect, provide, secure, and manage technology on the go, in the rack and in the cloud. UDT provides flexible and interoperable services, including mobility, cloud, collaboration, data, cyber security and software and IT as a service. The company also provides technical, professional and managed services. Accomplish more with UDT: www.udtonline.com
About the Channel Company
The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequaled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelco.com
The Channel Company