LAUSD approves emergency declaration after cyber attack

The Los Angeles Unified School District Board of Education unanimously approved an emergency declaration Tuesday in response to a cyber attack on the district's computer systems.

The resolution allows Superintendent Alberto Carvalho to sign emergency contracts to "ensure the continuation of public education, and the safety and security of its data, networks and servers" without advertising or inviting bids for any dollar amount necessary, for a period of one year.

The attack led the district to order teachers, staff and students to change their district passwords. The cybercriminal syndicate Vice Society took credit for the attack, according to the Associated Press.

Carvalho said the district was attacked with a ransomware tool but had not received a ransom demand. The district set up a hotline over the weekend providing tech support to help students and employees reset their passwords.

Officials detected unusual activity Sept. 3 from an external entity, prompting the district to deactivate all its systems in an "unprecedented" move.

Subsequently, the district contacted federal officials, prompting the White House to mobilize a response from the U.S. Department of Education, the FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, according to the LAUSD.

"We did not know at that time what areas were targeted, what entity was targeting us," Carvalho said. "We were unaware how deep, how complex this incident, this action, was. So, as a matter of protection, we basically shut down every one of our systems."

The decision was "the right call at the right moment" because it restricted the damage of the cyber attack, according to Carvalho.

Classes proceeded as normal following Labor Day.

District officials described the incident as "likely criminal in nature," and said they were assessing the situation with law enforcement agencies.

The attack temporarily interfered with the LAUSD website and email system. But officials said employee health care and payroll were not affected, nor did the cyber incident impact safety and emergency mechanisms in place at schools.

Carvalho said the goal was to continue with classes to the greatest extent possible.

"After two-plus years of a pandemic that has truly robbed many of our kids' educational opportunity, has interrupted learning, we wanted to resume the schooling process as quickly as possible," Carvalho said.

District officials said they immediately established a plan of action to provide protection in the future, "informed by top public and private sector technology and cyber security professionals."

The plan includes:

  • Independent Information Technology Task Force: Charged with developing a set of recommendations within 90 days, including monthly status updates;
  • Additional human resources: Deployment of IT personnel at all sites to assist with technical issues that may arise in the coming days;
  • Technology investments: Full-scale reorganization of departments and systems to build coherence and bolster data safeguards;
  • Advisory council: Charged with providing ongoing advisement on best practices and systems, including emerging technological management protocols;
  • Technology adviser: Directed to focus on security procedures and practices, as well as conduct an overall data center operations review that includes an assessment of existing technology, critical processes and current infrastructure;
  • Budget appropriation: Directed appropriation of any necessary funding to support Information Technology Division infrastructure enhancement;
  • Employee training: Develop and implement mandatory cyber security responsibility training;
  • Forensic review: Expand ongoing assistance from federal and state law enforcement entities to include a forensic review of systems, and
  • Expert team: Creation and deployment of an expert team to assess needs and support the implementation of immediate solutions.