Accelerate Cybersecurity with Zero Trust and Other Efforts
For LAUSD, boosting cybersecurity across the district is an ongoing process. Recognizing that the district lacked a well-defined risk management framework, LAUSD adopted the National Institute of Standards and Technology Cybersecurity Framework. As a result, it is in the process of adopting a zero-trust framework that includes continuous network monitoring, least-privilege access and microsegmentation.
The district also adopted Palo Alto Networks’ security information and event management and security orchestration, automation and response (SIEM and SOAR) platform to help monitor logs. However, with the platform ingesting billions of logs over a short period of time, it’s impossible for the IT team to analyze and take action on all of the data. This is where the district is looking to leverage automation instead of human personnel, Meraz said.
Finally, the district had a maturity assessment using the NIST framework, which revealed that it had no security baselines. The assessment reiterated the importance of having an out-of-band communication tool in the event of another incident.
Incident Response Plans Need Practice, Practice, Practice
While LAUSD had a skilled staff that quickly executed its incident response plan, Meraz and Romero noted that the team came to some key realizations after the attack.
Among them: Incident response plans can get dusty from lack of practice or use, Meraz said.
“Sometimes if you look at them, people who are playing key roles may have left the [district],” he said. “So now, to get that muscle memory and team building, every other Friday we do incident response and bring in other groups to help people get into the mindset of the role they play.”
For those looking to improve their incident response plans, Romero recommended identifying “incident commanders” who know the environment very well and can cut down on response time, close off access and slowly recover the environment.
Because time is of the essence, Romero said, having an incident response partner on retainer would have also been great, as they can do more than just provide support during incidents — they can also work proactively to take action before an incident escalates.
Schools Must Eliminate Shadow IT by Tracking All Technical Assets
“If you have shadow IT, you have technical assets that you are not aware of, and if you can’t identify a technical asset, you can’t protect it,” Meraz said.
District leaders are now working to eliminate shadow IT and bring those systems under the district’s main IT division. Romero further explained that not having awareness of what tech other departments had running, or a baseline for their cybersecurity efforts, gave threat actors a way in.
Schools Must Leverage AI for a Mature Cybersecurity Program
“At the end of the day, we are never going to have enough people,” Meraz admitted. “And if you think of the threat actors, AI is in their hands as well.”
He noted that artificial intelligence and automation could become a critical force multiplier. From his perspective, AI could be a particularly valuable part of the SOAR playbook.