SALISBURY – Rowan-Salisbury Schools has restored internet services, but it’s still rebuilding internal systems after a cyber attack last week.
The district initially referenced the Dec. 29 event only as a “cyber incident” in previous statements, but Chief Technology Officer David Blattner and N.C. Joint Cyber Task Force member Sharon Tufts both referred to the incident as an attack during a Wednesday meeting of the district Board of Education.
Blattner said the district identified the attack within eight hours of it occurring, and the district’s information technology staff contained it within a day. The task force was notified and sent staff to help the district in the wake of the incident.
The district brought back phone service in two days, its core systems in three and its internet services in four.
The National Guard also sent professionals to collect data and analyze the incident. They determined the breach was not a system failure. Instead, it was the result of a compromised account.
Blattner said no confidential information was stolen and the incident did not affect district payroll or the ability to operate schools. It resulted in some loss of old files. Many pieces of software are still not working.
The incident affected Windows devices, including some in Career and Technical Education classes as well as some central office departments that rely on Windows machines. Printers connected to the district’s network were also not functioning as of Tuesday. Blattner said the district has to work with Sharp to get its printing services back online.
Apple devices, which include tablets issued to each student, were not affected.
Tufts told the Rowan-Salisbury Board of Education about the task force, noting it is a partnership between a number of state organizations as well as the FBI, the U.S. Secret Service and the Cybersecurity and Infrastructure Security Agency. They provide aid free of charge.
She said the number of cyber attacks has more than tripled since 2019. In North Carolina, there were 10 “significant” incidents in the public sector 2019, which jumped to 24 in 2020 and more than 20 in 2021. The typical cost of an incident is about $700,000 to $1 million.
Tufts commended RSS staff for how they handled the incident. She said most incidents are not identified until more than 190 days after they occur, but RSS found the breach and contained it within a day.
She said most breaches take months to recover from and it typically takes about 17 days to bring the basics of a network back online, but RSS had its network functional six days after the attack.
Blattner said the district worked on securing and bringing email system back online first. It takes time to rebuild software connections. Superintendent Tony Watlington said there will still be some inconveniences for departments as the district rebuilds.
Tufts said the district’s team has worked tirelessly on the breach. This was the fastest recovery she has seen.
“They absolutely deserve all the accolades we could possibly bestow on them,” Tufts said.
She noted the lack of information theft in this incident and that personal information has been stolen and sold in the dark web in most cases she’s worked on.
“You are unbelievably lucky that did not happen here,” Tufts said.