SCHUMER REVEALS: CENTRAL NEW YORK SCHOOL DISTRICTS HAVE BEEN HIT WITH NINE CYBER-ATTACKS THIS YEAR, PUTTING VALUABLE DATA AT RISK & COSTING TAXPAYER RESOURCES; SENATOR CALLS ON FEDS TO UNCOVER FACTS & HELP PREVENT FUTURE ATTACKS
The Central New York Regional Information Center, Which Provides Technology Services To Over 50 Local School Districts, Has Fallen Victim To 9 Recorded Cyber-Attacks Since April; Repeated Attacks Are Impeding Student Learning, Siphoning Valuable Resources & Could Jeopardize Student Data
Standing In Syracuse, Schumer Today Called On The Department Of Homeland Security (DHS) To Investigate These Attacks Immediately, Identify Gaps In Cybersecurity And Work Hand-In-Hand With Locals To Prevent Future Attacks
Schumer To Feds: Getting To The Bottom Of These Cyber-Attacks Is Essential For The Safety And Security Of All New Yorkers
Standing at the Central New York Regional Information Center in Syracuse, U.S. Senator Charles E. Schumer today called on the Department of Homeland Security (DHS) to immediately launch an investigation into the cyber-attacks that have plagued the Central New York Regional Information Center (CNYRIC), which provides technology services to the Onondaga-Cortland-Madison (OCM) Board of Cooperative Educational Services (BOCES) and its 23 component school districts. Schumer explained that CNYRIC has fallen victim to nine cyber-attacks in recent months, impeding both students’ and teachers’ ability to access educational materials and forcing officials to devote significant resources to addressing the attacks. While no data has been jeopardized to this point, Schumer added that repeated attacks could put valuable student information at risk. Therefore, Schumer is urging the U.S. Department of Homeland Security (DHS) to work with local officials to immediately investigate these attacks, uncover gaps in security and help develop a plan to prevent future attacks.
“Central New York school districts have fallen victim to far too many cyber-attacks in recent months, potentially putting valuable information at risk, impeding our students’ ability to learn in the classroom and costing taxpayers significant resources. Fortunately, none of these cyber-attacks have resulted in a breach of confidential information, but they still must be stopped in their tracks,” said Senator Schumer. “That’s why today I’m calling on DHS to launch an investigation into these cyber-threats immediately and work as quickly as possible to get to the bottom of this matter. The feds should work hand-in-hand with local officials to figure out exactly where these attacks come from, help fill gaps in cybersecurity and eliminate these threats in the future.”
There are 12 Regional Information Centers (RICs) in New York State, which are organized under the Board of Cooperative Educational Services (BOCES), that provide 21st-century classroom tools to school districts across the state. Those services include technology integration training, data analysis, management applications and large-scale network infrastructure projects. In Central New York, CNYRIC provides technological services to OCM BOCES and its 23 component school districts in the region. In total, CNYRIC serves 50 school districts and four BOCES across eight counties in central New York.
According to reports, CNYRIC has been the target of nine cyber-attacks since April of this year. Schumer explained that the cyber-attacks were Distributed Denial of Service (DDOS) attacks meant to overload and essentially deny access to the network. CNYRIC has reported coming under this type of cyber-attack on April 11th, 12th, 13th, 18th and 20th; September 6th, 7th and 27th, and October 4th of this year. The cyber-attacks caused network-wide outages affecting all school districts within the CNYRIC, including OCM BOCES and its 23 component school districts. Without access to the network services of CNYRIC, students and teachers were left without access to online tests and other educational materials, causing loss of student learning hours and payroll for teachers being impacted. In addition, officials have had to devote significant resources to investigating the attacks and are considering purchasing expensive new defense systems. Schumer said that uncovering facts – like where these attacks are coming from and where gaps in security exist – will help CNYRIC determine the best response and where to invest precious dollars.
On the heels of these attacks, Schumer is urging DHS to immediately launch an investigation and work directly with local officials to prevent them in the future. The Senator said a DHS-led investigation can help determine the true culprits of the attacks, fill in security gaps where they exist and inform CNYRIC how best to fortify themselves against hackers. Schumer added that although there has been no breach of confidential and personal information related to students and employees to this point, an immediate, thorough and swift DHS investigation can help ensure this information will remain safe.
Furthermore, Schumer explained, district officials have warned that these cyber-attacks are not only directed at CNYRIC, but are also impacting other RICs across the state. Schumer said that the RICs have been coordinating efforts to aggressively respond to and halt the attacks, but that a DHS investigation is necessary to help guide decision making. Schumer emphasized that system-wide disruptions have the potential to create long-lasting harm on the health of the New York education system, especially if the attacks continue and become more widespread. As such, Schumer said that it is critical for DHS to help RICs develop the guidance needed to update and implement proper cyber-security measures.
A copy of Schumer’s letter to DHS appears below.
Dear Secretary Kirstjen Nielsen:
I write today to urge the Department of Homeland Security (DHS) to immediately launch an investigation into recent cyber-attacks targeted at the Central New York Regional Information Center (CNYRIC) and the school districts it provides services. If such an investigation has already commenced, I urge DHS to work in a maximally speedy, cooperative and supportive way to uncover the facts, and to assist New York’s Regional Information Centers (RICs) in recovering from this attack and in preventing additional attacks from occurring in the future.
As you may know, the CNYRIC is one of 12 regional centers in New York State that provide technological services to the States’ school districts. Throughout the past year, CNYRIC has been the target of nine cyber-attacks. These cyber-attacks were Distributed Denial of Service (DDOS) attacks meant to overload and essentially deny access to the network. CNYRIC has reported coming under these type of cyber-attacks on multiple dates -- April 11th, 12th, 13th, 18th and 20th; September 6th, 7th and 27th, and October 4th of 2018. The cyber-attacks caused network-wide outages affecting all 50 of the school districts that CNYRIC provides services for. Specifically, without the ability to connect to the network services of CNYRIC, student and teachers were unable to access online tests and other educational materials. The continual cyber-attacks not only put valuable data at risk, but they subverted teacher lesson plans and interrupted student learning.
Furthermore, district officials have warned that these cyber-attacks are not only directed at CNYRIC but are also affecting other RICs. All of the State’s RICs have been coordinating efforts to aggressively respond and halt the attacks in order to prevent future harm. As I am sure you know, system-wide disruptions have the potential to inflict long-lasting harm on the health of the New York education system, especially if those disruptions become more widespread. As such, it is critical that targeted Regional Information Centers (RICs) have the necessary information to defend against these cyber-attacks. A DHS-led investigation could go a long way toward supplementing CNYRIC’s ability to determine the true nature and culprits of the RIC cyber-attacks. In that vein, I urge you to work closely with state and local officials on the ground to ensure they have the guidance needed to update and implement proper cyber-security measures.
It is essential to the safety and security of New Yorkers and all Americans that we get to the bottom of this cyber threat and with all due speed. We must do everything we can to improve cybersecurity and eliminate threats for the safety of our country, at home and abroad. I am confident that you will address this matter swiftly and accordingly.
I thank you for your time and attention to this important matter. I look forward to working with you to address this issue as quickly as possible.
Charles E. Schumer