At Aviation High School, students worry about the safety of their data while teachers bemoan the lack of a high level computer skills program.
Schools are at a higher level of digital security risk because they have less control over their servers. “The main difference for an IT Administrator of an academic institution versus a corporate network is the fact that most school IT admins do not have control over the PCs that are connecting to their network,” says Hiep Dang, director of operations for web and email security at digital security company McAfee, “They have to allow students to connect to the school’s network, keep it safe, while not impacting their students’ ability to learn. In the corporate world, all PCs are owned by the company and it can set policies to allow or not allow certain software to be installed.”
The threat of hacking is high even for students on campus. Students have to know how to protect their Internet-accessible technology, especially when they might be using unsecured Wi-Fi or unsecured internet access lines.
“Students are now using multiple Internet connected devices more than ever. If these devices, such as smart phones, laptops and Macs, are not protected then they are more vulnerable to identity theft, malware, hacking, viruses and other potential hazards,” says Dang, “These assets include things like homework files, resumes, music downloads, entertainment files, and digital photos.”
To properly protect their computers, all users need to have at least a small degree of computer literacy.
“Here’s the thing: a lot of people my age say that oh, the kids know computers better than they do,” said AHS Programming teacher Nik Joshi, “It’s been my experience that kids don’t really know how to use computers. They know how to download music, they know how to use the Web, they may be comfortable with it, but they don’t know how the computer works. Most kids don’t know how to set up a network, or if they do set up a network, they don’t know how to fix a problem on the network. And I think these are useful skills.”
If AHS were to be hacked, students’ personal information would be at risk. Even if one only considers the assignments saved on the server, this becomes a problem. A malicious student could delete other students’ hard work. If such a thing happened right before a major deadline, grades could plummet as a result. Teams such as Skunkworks Robotics and Science Olympiad who save their documentation for awards on the school server could find themselves out of the running in competitions.
The situation would become even more harrowing if the hacker was an adult. The district’s Student Information System (eSIS), located at the district offices (ERAC), holds medical records, parent contact information, student contact information–even social security numbers.
Some security can be purchased. Cyber security giant McAfee offers packages that range from covering a single computer to protecting a whole school.
However, Aviation High school doesn’t use McAfee security; instead, it uses Highline School District-provided Microsoft Forefront Client Security, and its computers are protected on the Internet by iPrism. iPrism is used to block mature or potentially malware-infested sites. In addition, it blocks pop-ups that could potentially lure students into downloading malicious programs.
“Don’t think of iPrism limiting students’ access but rather protecting the students, staff and school district from malware, spyware, and inappropriate content,” says Ty Ivy, Aviation’s resident computer support technician. He says, “It also helps enforce acceptable use and security policies. iPrism Web Filter enables the district to mitigate the risks of legal liability, prevent security breaches and stop the erosion of network resources.”
Most students resent the iPrism security simply because it hampers their ability to surf the web.
“iPrism just straight out annoys me, and that’s mainly because of the purpose that I like to explore the web all over the place, and it’s very limiting,” says Paula Cieszkiewicz, a junior at Aviation High School, “Yet at the same time I can understand it’s purpose, that it’s intended to limit our exposure to certain things on the Internet that may not be school appropriate. I believe it’s too limiting though. … The system is intended to be useful, yet at times it’s so over the top that I see it as being a burden rather than a a tool.”
Elsewhere, there has been some fear that teaching students to become computer-literate will invite hacking. At AHS, a known STEM school, the attitude is different. “Whether a student poses a threat or not is a measurement of a student’s character,” says Joshi, “Whether that student chooses to do positive things with the computer or negative things with the computer speaks to that student’s personal character and ethics; it says nothing to the relation to whether they know how to use a computer or not.”
Those in the corporate world agree. “Hacking is a skill, but it’s the intentions of the hacker that makes it bad,” says Dang, “Similar to Star Wars, where both Jedi Knights and the Sith have the powers to use the Force. The Jedi have dedicated their lives to using their powers for good, where the Sith use the Force for evil. Hopefully, teachers and parents will teach their students/children to use their education and skills for the purposes of good rather than evil.”
However, even student hackers aren’t necessarily malicious. “For students, it’s usually due to curiosity and sometimes bragging rights to their friends that they were able to do something,” says Dang.
“Often, the kids who try to hack into systems, they’re very bright, they’re very enthusiastic, they’re passionate about this,” says Joshi, “and they’re exactly the kind of kids we want to teach. They have the characteristics we want every student to have, to be passionate about something and want to work on it in their spare time. It’s just that we don’t recognize these kids and, to use a comic book term, we don’t let them use that power for good. So they naturally look at other challenges.”