SecureWorld News recently covered a ransomware attack which disrupted remote learning for Baltimore County Public School students.
More than 100,000 students were blocked from attending online classes and meeting with teachers or counselors, frustrating students and their parents.
This was particularly bad timing for graduating seniors looking to apply to colleges, as they were unable to communicate and receive crucial information to make one of the biggest decisions of their young lives.
SecureWorld has now learned an audit was conducted earlier in the year by Maryland's Office of Legislative Audits, revealing weaknesses in the school district's security controls.
Baltimore County Public School's audit
The audit revealed there were more than a few holes in the district's security controls.
In the introduction of the 56 page audit, the Office of Legislature provides an overview of what Baltimore Public Schools (BCPS) needed to change in several areas, including information security.
This included the following findings.
"BCPS did not ensure that employee access to its automated financial systems was appropriate and adequately controlled, resulting in employees with unnecessary or incompatible access. Sensitive BCPS personally identifiable information was maintained in a manner that did not provide adequate security safeguards."
Event Logs relating to Access:
"For two critical systems’ databases, security and audit event logging and monitoring procedures were not adequate, and unnecessary elevated system privileges were granted to numerous user accounts."
IPS and network issues:
"Twenty-six publicly accessible servers were improperly located within the internal network, intrusion detection prevention system coverage for untrusted traffic did not exist, and BCPS network resources were not secured against improper access from students using wireless connections and high school computer labs.
If you want to read a detailed analysis of these findings and the recommendations provided, you can read the Baltimore County Public Schools Audit.
It is unclear if the cybersecurity shortfalls identified in the audit opened the door to the district's recent ransomware attack, but hopefully responding to this incident will encourage the district to address them.