“Instead of collecting data by doing a survey electronically, they got to roll dice and color it in,” Hawthrone said of her students. “It was making things more hands on than I would normally if I had technology to grab their attention.”

Credit: Miguel Martinez

Credit: Miguel Martinez

A month after reporting that it would restrict internet access because of “suspicious activity” on its internal network, the south metro Atlanta school system — the eighth largest in the state at around 43,000 students — is still largely operating without the web.

Days after the Nov. 9 breach, administrators dusted off overhead projectors to demonstrate how to diagram sentences or employed gingerbread houses in architecture classes to discuss structural engineering because computer models were unavailable.

As the weeks rolled on, many homework assignments were completed with paper and pen, while substitute bus drivers had to be guided by central office personnel on unfamiliar routes because they lacked access to GPS.

“We’ve become so routinely accustomed to going lots of places all at once in order to manage the workflow of our day,” Superintendent Mary Elizabeth Davis said of reliance on the internet, adding that the school systems is slowing rebuilding its network one program at a time out of an abundance of caution.

“There’s retooling, rethinking and replanning around routines in the classroom,” Davis said.

Ransomware attack

The motive for the attack has not yet been made public. The school system has launched an investigation that includes state and federal authorities and the district’s cyber security insurers.

“This has been identified as a ransomware attack originating from a criminal operation operating outside the United States,” Davis said in an interview with The Atlanta Journal-Constitution. “We’re getting clarity on the scope but we’re not entirely clear on the impact.”

When asked if the attackers had demanded a money in the breach, Davis replied: “That’s really in the hands of our insurer.”

David Barton, managing director of cyber security firm UHY Advisors, said Henry Schools is wise to rebuild its network slowly. The cyber attackers more than likely created “back door” opportunities in the software for more breaches. To be safe, the district’s IT team has to be methodical in scrubbing and restoring the system so they can avoid facing another strike, he said.

“The malware is becoming more sophisticated as are the bad actors,” Barton said. “They have figured out how to put back doors in before they launch the ransomware. So even if you are able to recover your data, that back door allows them to reattack.”

The Henry breach is just the latest in a series of cyber attacks over the past decade at schools, metro Atlanta governments and businesses. Some attackers have sought payment to release data from their clutches while others just want to demonstrate network vulnerability.

Among schools, cyber attacks against Fulton County and Atlanta Public Schools forced the districts to pay thousands to employees whose salaries were stolen in phishing scams in 2017. The DeKalb County School District said a 2019 security breach of a school nutrition technology services company may have exposed the personal information of select students.

More recently, the Walker School, a private institution in Cobb County, alerted more than 1,000 people that their names, addresses and Social Security numbers were stolen during an October computer hack. And the University of Georgia notified faculty, staff and students earlier this year of a breach of a widely used file transfer program that could have compromised their personal data.

The attacks also have been felt nationally, with school systems in Los Angeles, Des Moines, Iowa, Las Vegas and Prince Georges County, Maryland, struggling to protect student and staff information. Some have been forced to offer credit counseling and cancel school for a few days while the issues were addressed.

Leaders of metro districts say they are on notice. Gwinnett County Schools have thus far been spared any such attack, but they’ve been preparing for the possibility.

“GCPS has allocated considerable resources to cyber security, including hardware, software, and employee training, and ... (it) never stops evaluating the effectiveness of these protections and is consistently looking for ways to improve them,” school district officials said in a statement.

Credit: Miguel Martinez

Credit: Miguel Martinez

Back to basics

LaKeisha Gantt, a mother of a Henry Schools middle schooler and high schooler, said the lack of internet access has come with costs and benefits.

On the one hand, students need to master technology. But, she said, getting back to the basics of using paper and pen has exposed how dependent students have become on computers.

“We rely on technology so much and that’s not always good,” said Gantt, who also is a member of the Stockbridge City Council. “These kids can’t sign their names, they can’t do some of the normal functions that we’re able to do. I don’t see that this is necessarily bad.”

For instance, Gantt said her the outages has exposed a weakness in her daughter’s studies — she’s not the greatest speller.

“The reason she can’t spell is because when she types it in, it spells it for her,” Gantt said.

Jennifer Darling-Aduana, an assistant professor in Georgia State University’s College of Education & Human Development, said a prolonged outage could potentially have a detrimental impact on Henry students because assessments of their performance are due this time of the year, and testing agencies aren’t as flexible as school systems can be when there is no internet.

“A lot of assessments, especially nationally-normed assessments like MAP or a lot of local districts use I-Ready, require internet access,” she said. “And although they may have a pen and paper option still available, it often requires an entirely new process. It cannot use the same adaptive features that have become commonplace now in online assessments.

“That is a pretty big barrier to accessing business as usual,” she said.

Credit: Miguel Martinez

Credit: Miguel Martinez

Davis said the outage isn’t as big of an issue as it was at the beginning of the crisis.

Every day the district restores access to more and more internal operations, including payroll, recording grades digitally and the ability of middle school and high school students to take state-required computerized end-of-semester tests.

During a recent YouTube update, Davis said one of the district’s biggest challenges — changing every password in the system — has been completed at the high school level and would be finished at elementary and middle schools soon.

But she warned that the work is far from done and there are still a lot of questions to answer before the network can be fully recovered. Teams, assigned to make sure every program or essential piece of hardware is safe, are working around the clock to get the school system back to normal.

“The impact of this incident will not be fully known until the data mining team completes this essential task,” she said.