District 207 Approves Cybersecurity Contract In Wake Of Attempted Breach - Journal & Topics Media Group

District 207 Approves Cybersecurity Contract In Wake Of Attempted Breach
By Igor Studenkov | on June 08, 2022

FacebookTwitterEmailMessengerCopy LinkPrintShare

(iStock.com/Rko1234)

Maine Township High School Dist. 207 Board of Education voted unanimously on Monday (June 6) to award a one-year cybersecurity contract to the company that helped the district prevent a security breach a few weeks earlier.

The district considered bids from seven vendors. When one of the bidders, Texas-based Crowdstrike, was demonstrating what it could do, it caught an unknown party trying to access the district’s administrative passwords. It subsequently helped the district secure the system.

Even though Crowdstrike submitted the second-lowest bid, this, along with the span of its expertise, swayed Dist. 207 in its favor.

Don Ringelestein, the district’s chief technology officer, told the board that the “cyber security incident” was discovered on May 19, and Crowdstrike helped them defend the system until May 27. He emphasized that it wasn’t a “breach,” since the hacker didn’t get their hand on any secured information.

Ringelestein said that the district never faced that kind of hacking attempt before, and he could only speculate about why someone would want their administrative passwords.

Dist. 207 websites and email systems were hacked in November 2020, but the hack was different from trying to gain access to the district’s servers, board members were told.

According to Ringelestein’s memo to Supt. Ken Wallace, Crowdstrike “detects and protects the district’s computers” and “connects us with a security operations center that will allow them to detect and fix any problem attacks against our system.” Aside from the fact that Crowdstrike proved their mettle, he argued that their services were more comprehensive, since the lowest bidder would only cover four servers.

The contract is worth $105,600. While the district originally considered giving the winning bidder a three-year contract, it ended up going with a one-year contract instead.

Later in the memo, Ringelestein argued that hiring someone to handle cybersecurity in-house makes no sense, since anyone who would be trained to do that kind of security monitoring would parlay their training into a higher-paying private sector job, which would “create a revolving door for the cybersecurity operations staff.”

During Monday’s meeting, board member Ashley Kilburg asked whether the security would also protect staff Chromebooks. Ringelestein said that the only thing it can do is watch network traffic coming from them. However, since “Chromebooks are very hard to compromise,” he said, he doesn’t foresee this being much of an issue.