Syndicate content

hacking

What to do after your education system is hacked

Michael Trucano's picture
Help! I've been hacked!
Help! I've been hacked!

In my experience working with education officials around the world over the past two decades, the confidence of senior leadership in an education system's approach to computer and data security is often inversely proportional to how much time, energy and expense have been devoted to considering security issues, to say nothing of the robustness and comprehensiveness of related approaches being deployed.

As part of my job at the World Bank, I help ministries of education think through issues related to the use of new technologies in education. Along the way, there has been, in my experience and generally speaking, comparatively little attention, energy and resources paid to issues of computer and data security as part of the rollout of digital technologies in education in many parts of the world, and especially in middle and low income countries, where I spend the bulk of my time.

At a basic level, this should not be too surprising. Resources are often quite scare, as is related know-how. Most initiatives focus first on introducing computers (and later tablets and other gadgets) into schools, and on rolling out and improving connectivity. Many countries new to the use of computers in schools are challenged to adequately handle some of the most basic security-related tasks, like installing (and keeping updated) anti-virus packages on individual devices. And to be honest: The initial stakes are often quite low. Only over time, once a critical mass of infrastructure is in place -- and is being used -- do thoughts turn to any significant extent to issues of computer and data security. But still: Unlike passing out shiny new tablets to schoolchildren or cutting the ribbon on a new educational makerspace, strengthening an education system's security practices typically doesn't make for compelling photo opportunities. For education ministers who typically enjoy short tenures in their jobs, it's often quite logical to leave such issues for the next lady (or guy) to handle.

That said, as connectivity spreads and improves, and as education systems move beyond a patchwork of often small and uncoordinated pilot projects to become more dependent on their ICT infrastructure at the classroom, school and system level, 'security' is gradually added to the list of responsibilities of a few staff, related budget line items are established, and sometimes small units are formed inside education bureaucracies.

Even then, though, digital security concerns usually tend not to be prioritized by ministries of education, and much of what is done is reactive in nature. In my experience, only when one of two types things take place do computer security issues get real attention: (1) when there is a move to computerized, especially online, testing; and/or (2) when something important is 'hacked'. (There is a third catalyst for action -- government regulation -- but that typically occurs only after one or both of these first two things have occurred.)

During dialogues with government around 'edtech issues', it's been my standard practice to try to insert a bullet point related to 'security' onto the formal agenda. For the most part, this has been tolerated ("of course we think security is important!"), but (if I am being honest) not always particularly welcome, and it is often the last agenda item, the kind of thing where the related discussion gets cut short and people close by saying, "We wish we had more time to discuss this."

In the past two years, however, things have begun to change a bit. While still never the focus of our discussions, people from a number of ministries of education with which I have worked have begun to bring up this issue proactively. Often, related exchanges begin with some form of the question, "We are thinking about introducing online testing but are wondering if we might get hacked -- how worried should we be, and what can we do to prevent this from happening?"

My response to this sort of question is usually is something along the lines of, "You are right to be worried, and there are a lot of things you can and should be doing as a result." (Whether or not online testing is actually a good idea is a separate question, and discussion.) We then quickly talk through a number of the standard high level issues, topics and concerns, touch on the feasibility and cost of a number of related first (and second, and third, and fourth ...) steps that need to be taken, and at the end draw up a list of names and organizations for potential follow-up. Before the discussion 'ends' (a discussion about computer security never actually 'ends', of course; once opened, Pandora's Box can never be fully closed), I make sure to make the following statement, and pose a related question:

Prevention is important. Obviously! I am glad to see that this is increasingly prominent on your agenda. If you have a checklist of things you are concerned about, and a list of how you are addressing them, we can take a look at it and talk through some potential related issues, to the extent that this might be useful. We can also talk about some other countries where some bad things have happened, in case any of those stories might be of interest.

But, no matter how successful you are when it comes to protecting your digital infrastructure and your data, if you are using connected digital technologies in your education system, at some point in the future:

You. Will. Be. Hacked.

Weekly wire: The global forum

Roxanne Bauer's picture

World of NewsThese are some of the views and reports relevant to our readers that caught our attention this week.

Culture gives cities social and economic power, shows UNESCO report
UNESCO

Culture has the power to make cities more prosperous, safer, and sustainable, according to UNESCO’s Global Report, Culture: Urban Future to be launched in Quito (Ecuador) on 18 October. The Global Report presents evidence on how development policies in line with UNESCO’s conventions on the protection and promotion of culture and heritage can benefit cities. Current trends show that urbanization will continue to increase in scale and speed, particularly in Africa and Asia, which are set to be 54 and 64 percent urban by 2050. The world is projected to have 41 mega cities by 2030, each home to at least 10 million people. Massive and rapid urbanization can often exacerbate challenges for cities creating more slums and poor access to public spaces as well as having a negative impact on the environment. This process often leads to a rise in unemployment, social inequality, discrimination and violence.

Sustainable Cities: 3 Ways Cities Can Contribute to a Renewable Energy Future
HuffPost Blog

This week, global policy makers gather in Quito for the Habitat III Conference to reinvigorate the global commitment to the sustainable development of cities. Meeting every 20 years, the Habitat Conference will this year focus on setting a new Urban Agenda. Within this context and for the first time ever, the Conference will also discuss the rapid deployment of renewable energy as a means to achieve a sustainable urban future. This could not be timelier. Dramatic cost declines and technological innovations, present cities with an unprecedented opportunity to transform and decarbonise their energy supply on the basis of a positive economic case - an option that did not exist when the Habitat Conference last convened in 1996. This is great news, considering cities are home to 54% of the global population and generate 70% of global emissions.

Geeking Out for Development: WaterHackathon Generates Solutions

Water Communications's picture

To find innovative solutions to water and sanitation development challenges, the World Bank and the Water and Sanitation Program are reaching out to new, rather unlikely partners.  Computer programmers, designers and other information technology specialists were invited by the World Bank and various technology partners to compete for 48 hours in 10 cities around the world this month.  Their aim: to create the easily deployable, scalable, and sustainable technological tools that respond to specific water and sanitation challenges in developing countries.