FCPS Ransomware Attack Leaves Many Questions

At a time when IT security is most important, FCPS was the target of a cybersecurity incident on Sept. 11, 2020. According to Infosecurity Magazine, a computer hacking group called the Maze broke into the FCPS system and obtained some FCPS staff and student information. FCPS is only one of 53 school systems that have been affected by ransomware since January, according to the Infosecurity article.

FCPS has about 189,000 students, according to its website. Its official statement on the incident said that information belonging to only a small subset of these students and staff has been released, and that it has informed individuals as needed. Despite the reassurances, students like 8th grader Sicilia O. are still worried.

“I am just a little concerned about my stuff being released,” said Sicilia. “I only trust FCPS a little bit with the problem.”

After trying to follow information from the county throughout the pandemic and when the incident first happened, Sicilia is less than happy about the county’s communication skills and is a little dubious about its cybersecurity as well. Gautam Sethi, Chief Information Officer for FCPS, did his best to address these fears.

“We’re working with top cybersecurity experts to identify ways to improve our security and have already implemented a series of enhancements, including the use of multi-factor authentication, which provides an added layer of security for our community members’ FCPS network and Google accounts, should they choose to use it,” Sethi explained.

Multi-factor authentication is a way to grant access to websites and applications only after a user presents two or more pieces of evidence to an authentication mechanism. OneLogin, a security platform, defines authentication factors to include knowledge (like knowing a PIN or the answer to a security question), possession (like having a smartphone that receives a special one-time code), and inherence (something you are, like a fingerprint or voice recognition).

By this time, FCPS has informed everyone who has been impacted by the cybersecurity attack, but some students still feel a lack of information.

“I feel like FCPS should be more open with what they are doing because we have barely heard anything from Fairfax County about this problem,” said Sicilia.

Most of the information has come in the form of emails to parents or very carefully worded press releases, which students often miss. These messages also don’t give students the reassurance they need. The county maintains it is being as open as it can be.

“We strive to maintain a community of trust and integrity. To that end, we aim to be transparent with the FCPS community and continue to look for ways we can be as proactive and communicative as possible,” said Sethi.

Maintaining cybersecurity in the wake of this incident depends on everyone who uses the system. Common-sense best practices include: don’t click any suspicious links, don’t open any weird emails, and don’t download anything from websites.

“We are strongest when everyone is vigilant about their own cybersecurity and participates in detecting and reporting issues,” said Sethi.