pinkeyes - stock.adobe.com
Australia’s New South Wales (NSW) department of education was hit by a cyber attack last Thursday, days before remote learning commenced in the new school term this week.
NSW Education Secretary Georgina Harrisson said the department’s priority was the safety and security of its student and staff data, and that it had made the precautionary decision to take some systems offline while it investigates further.
Harrisson noted that the timing of the cyber attack would create considerable challenges for staff as they prepare for the start of term three. “Thankfully, our teams have been able to isolate the issues and we are working to reactivate services as soon as possible,” she said.
The NSW department of education and Cyber Security NSW teams have been working to ensure normal access is restored in time for the start of the new term.
Harrisson said she was confident that the issue would be resolved, and reassured teachers and parents that there would be no impact on students learning from home.
The state is currently battling a surge in the number of Covid-19 cases, with schools switching to home-based learning amid a lockdown that is likely to be extended.
“Whilst we are confident all systems will be back online before Day 1, Term 3, we are making information to support home learning available on our public website so that preparations for the start of term can continue.”
Read more about cyber security in Australia
- Australian healthcare provider Eastern Health takes IT systems offline as a precaution while it looks into a cyber incident.
- Australian state agency Transport for New South Wales is the latest victim of the supply chain attack against Accellion’s legacy file transfer system.
- Australia’s latest cyber security strategy includes centralised management of networks and a voluntary code of practice for deploying internet-connected devices, among other areas.
- Supply chain security risks can wreak havoc for Australian firms if measures are not taken to deter cyber attackers from exploiting a supplier’s security gaps to target another firm.
The incident has been referred to the NSW Police and federal agencies, and the department of education noted that it was inappropriate to comment further as the matter is under investigation.
Catherine Friday, managing partner for government and health sciences at EY Oceania, noted that international intelligence agencies have long warned that education is the next target for state-sponsored and sophisticated cyber attacks.
“Their complex ICT footprints provide ample opportunity to compromise systems, and the wealth of valuable personal information, as well as intellectual property, advanced research and technology innovations offer significant incentives to a broad range of malicious cyber actors,” she said in the aftermath of the attacks against Australian National University and Australian Catholic University in 2019.
According to the Office of the Australian Information Commissioner’s (OAIC) latest Notifiable data breaches report, education was the among the top three most breached sector during the second half of 2020, behind healthcare and finance.