While online testing can provide many advantages — such as increased interactivity, consistency, repeatability and safeguards against cheating — it can also open up a new set of challenges.
In the 2015–2016 school year, most state-required summative assessments in U.S. elementary and middle schools were set to be administered using technology, according to a report by EdTech Strategies, a research and consulting firm. Because of that, thoughtful security measures were put in place to guard against attacks on those computer-based standardized tests.
Distributed denial of service attacks, which overwhelm school networks with prodigious amounts of traffic, are on the rise in K–12 districts across the country. These attacks can shut down school websites and phone systems, preventing users from accessing their applications and the internet. They are especially pervasive during standardized testing, often instigated by students who don’t want to take the tests. In Oklahoma last year, for example, a DDoS attack slowed down and stopped Broken Arrow Public Schools’ network as students were trying to take their state exams. IT officials were able to fend off the attack thanks to help from their internet service provider and firewalls. Because of Broken Arrow’s swift action, the only setback was that testing took a lot longer than normal.
Deborah Karcher, Miami-Dade County Public Schools CIO, says school districts need to stay vigilant as state tests are administered, because the results of a DDoS attack can be a lot worse then.
“We are on a heightened level of awareness during testing,” she says. “We watch our network, and it allows us to react a lot more quickly.”
A district’s internet service provider may help stop most DDoS attacks, especially large-scale attacks. But subtle attacks sometimes slip through. With these under-the-radar incidents, attackers may try to expose specific network vulnerabilities, such as firewalls.
Designing a secure network is key to mitigating damage from a DDoS attack, according to Jeremy Cox, a network manager and information security officer at Washington County School District in Utah. A network’s architecture needs to include more than one firewall to protect both internet and phone service. IT staff can also help to fend off DDoS attacks by using network monitoring, Cox says.
To learn more about how Karcher and others defend their school and district networks against attack, read “On High Alert."