A month after cyber-threats to area schools caused three days of cancellations, Whitefish School District Technology Director Chris Deister recently shared the district’s response to the threats.
Deister addressed the Whitefish School Board during its Oct. 10 meeting.
Starting on the evening of Sept. 13, a group of cyber-terrorists targeted Flathead Valley schools, in particular gaining access to Columbia Falls School District’s internal network and student data. Over the subsequent weekend, authorities from the Flathead County Sheriff’s Department and the Federal Bureau of Investigation determined that there was no physical threat to area students, and classes resumed the following Tuesday, Sept. 19.
Deister first learned of the cyber-threats after 9 p.m. on Sept. 13 via District Superintendent Heather Davis Schmidt, he said.
Deister took action immediately.
“As the night progressed into early morning, things accelerated,” he said. “We disconnected from the Internet based on some information we’d been given from the Sheriff’s Department along with the FBI. So we just totally unplugged.”
Over the next few days, Deister, along with other Flathead Valley technology directors and superintendents, met with FBI and National Security Agency authorities to ensure the right steps were being taken to keep any threats at bay.
On Sept. 18, when district staff returned to work, Deister said he worked with Lake Missoula Group, the cybersecurity agency contracted to help during the threats, to determine that data on the Whitefish school servers was secure.
“[Lake Missoula Group] scanned our network a total of I think four times, by the last time we were really tightened down,” Deister said.
Some preventative steps taken by Deister and the district may have played a role.
Earlier in the summer, the district upgraded its firewall to what Deister described as a “next generation” system, which comes with more access and customizable features for the user. While the old firewall was still up to date, Deister said it was coming to the end of its usable life.
What made Columbia Falls the target, he said, was simply a vulnerable opening in the network.
“Unfortunately, I think the reason Columbia Falls was [the target] is because they just had some open back doors that they forgot to close,” he said. “They came in through remote desktop, which we don’t have open to the outside, and once they got in they were probably able to put some password sniffers out and get some administrator accounts and have full access to their network.”
“As far as our network and people looking in on us, they can’t really see anything. And we monitor that, we get fresh updates daily,” he added.
Board trustee Marguerite Kaminski asked Deister if any part of the cyber-threats surprised him throughout the process.
“I was surprised that they had the FBI and the NSA involved and they still couldn’t catch them, and still have not caught them. But you have this whole dark web out there that works together to keep that from happening, to keep them from getting caught,” he said.
“From the beginning, I was never worried about a physical threat.”