Case study: MGT assists in LA school district’s cyberattack recovery

INSIGHTS
MGT Aids in the Cyberattack Recovery at Los Angeles Unified School District, the 2nd Largest School District in the U.S.

This a two-part article. Click here for part two.

Immediately following the Los Angeles School District’s (LAUSD) cyberattack on Saturday, September 3, 2022, at 10:52 p.m. on Labor Day weekend, MGT technology and education groups helped to direct and manage the cyber threat containment and recovery efforts. The atmosphere at LAUSD was like a “war room.”

MGT’s approach to LAUSD was based on existing, cohesive relationships with the school district’s leaders on both the education and technology fronts. MGT was aligned with LAUSD’s mission of enabling student achievement & well-being through technology and education solutions that improve operational effectiveness and efficiency.


DAY ONE:
THE CYBERSECURITY EVENT

MGT was quickly immersed in the hectic atmosphere that results from a cyberattack ― meeting with the LAUSD team who had been working 24/7, the U.S. government, large technology vendors, insurance companies, incident response firms, and lawyers.

LAUSD is the second-largest school district in the country, serving approximately 600,000 students with 25,000 teachers, and 40,000 other employees. It is the second-largest employer in Los Angeles with a $10.7B annual budget. From a student, employee, and operations perspective, it is a massive enterprise with a variety of complex systems, similar to a Fortune 500 company. The impact of a cyberattack on the LA community was immense.

Up front, MGT supported the LAUSD Superintendent’s decision to not pay the ransom – it was not an option. If the ransom is paid, attackers will continue to threaten other schools.

According to Rajeev Bajaj, MGT executive vice president of Education Solutions, “Despite the disruption caused by the event, we knew we had to think about the situation in the context of a school district and continuity of critical services, focused on the main mission of educating children. That includes all the operations that support educating children ― providing meals to students, getting them on and off buses, ensuring that they have access to curriculum materials and digital resources ― all of the critical core components of operating a K-12 school district.”

LAUSD is a complex organization with immense operations that affect the entire community. The District operates almost as many buses as the Los Angeles County Metropolitan Authority and the LAUSD cafeterias serve more than 500,000 meals a day ― comparable to the daily output of some of the largest local restaurant chains. LAUSD has the largest school breakfast program and the second-largest national school lunch program in the U.S. The stakes for securely maintaining district functions and services were enormous.

 


WEEK ONE:
RECOVERY – KEEPING COOL UNDER PRESSURE

The environment following identification of a cyberattack is often chaotic. Strong communication is vital. There’s a lot of stress and long hours, which amplifies the disruption. The people working at LAUSD were being pulled in so many directions with requests from numerous organizations.

From LAUSD’s perspective, everything is in the moment. Emergencies need to be addressed immediately. It’s not a matter of what button to press to make it stop. MGT and other support organizations were prepared and collaborated to keep LAUSD on track for a swift recovery.

That’s why MGT Technology stresses preparation for cyberattacks. Having a plan to address an attack ― knowing who’s in charge, what needs to be done, and when. LAUSD did a very good job. They were prepared to act on their plan.

MGT helped to put a project management office structure in place to organize the response and recovery activities. “It was non-stop work, 18 to 20 hours a day, for several days and weeks. At LAUSD, there was a digital whiteboard with numerous pages of handwritten notes of things we had to do, what we were learning during the recovery, and the list wasn’t getting any shorter,” said Rajeev. “You might be working on one emergency, and then get another urgent request and start working on that. The list just gets bigger.”

The MGT team organized and tracked how action items were being executed, accomplished and reported each day, week after week. It was called the “war room” with a standing meeting each day with about 40 to 50 people with a singular focus of making progress.

Parachuting in on day one, there’s clearly a focus on what happened, how we recover, but also how we ensure continuity of service delivery, making sure that children, families, teachers, and employees can access schools. Having spent the last three school years managing through the pandemic, our approach was all about an integrated view of technology and education to help ensure continuity,” noted Rajeev.

As this event was unfolding, MGT approached the situation from an integrated technology and education perspective to help ensure that the core functions of the organization will continue delivering critical services. In this case, it was an educational institution, but it could be a city or county agency that is delivering vital services to community members.

INTEGRATED FOCUS: TECHNOLOGY & EDUCATION FOR PERFORMANCE CONTINUITY

MGT played a critical role in translating and executing the integrated needs of both education and technology for the school district’s continued operations and performance. MGT was in a critical position to help pull all the levers necessary for school openings, to get buses running, and cafeterias serving food. Any disruption would have long-term repercussions.

“We were waking up every day in the mindset of the client, LAUSD, and pushing on that perspective of ‘students first.’ We need buildings open. We need student operations and instruction to continue. That perspective was different than government officials who want to stop the cybercriminals or other companies trying to manage risks,” added Rajeev.

MGT was aligned with LAUSD’s primary interest of protecting students and the community. Rajeev recalled, “We took a client advocate role during the containment and recovery phases. That perspective is unique. We believe it’s all about ‘recovering forward’ ― building back the systems and the technology for greater resiliency and defensive posture, now and in the future.”

While the attack was initially a technology problem, recovering forward was ultimately about governance, organizational structures, and the policies that undergird education. That was the heart of the matter. MGT’s collective support for the school district addressed issues on multiple fronts by focusing on a holistic approach that took into account the processes and people that shape decision-making in a district as well as the technology and systems that deliver cybersecurity.

When a cyberattack strikes, navigating the immediate aftermath can be chaotic and overwhelming – similar to navigating the wake of a disaster like a hurricane or earthquake. Often in these events, technology vendors offer “silver bullet” products that claim to solve all cyber issues; however, it can be difficult to understand what solution is needed for when and how to prioritize different responses.   In these situations, MGT can serve as an “honest broker” weighing options and offering strategic advice for our partners. “Our purpose and value was to sort through and make sense of LAUSD’s needs and priorities as a client advocate. Client advocacy is a vital pillar of MGT’s approach,” said Rajeev.

MGT’s primary goal was to contain and recover from the cyberattack and get students in school as scheduled, safely. Fortunately, zero days of school were missed. Because the cyberattack occurred on Labor Day weekend, there was an extra day for technology, educational, and operational support to enable new logistics for school openings, bus transportation, and food services.

MGT was aligned with LAUSD’s priorities for overcoming the cyber threat and continuing education. The MGT team translated that mission to the other participating firms to help prioritize activities. LAUSD was working at a herculean pace on many critical issues simultaneously. They didn’t have time to be in every conversation and translate their core mission and objectives to all the external companies that were providing response and recovery support. MGT could translate LAUSD’s core mission to help organize the recovery efforts.

The ability to translate, organize, and cascade the message of LAUSD’s mission through every conversation to all parties made a big difference. Again, we acted as the client advocate and partner,” noted Rajeev.  “There were not enough hours in the day for the LAUSD team to be in all the conversations. We could translate and advocate to clarify LAUSD’s perspective on their behalf strategically and effectively during a very difficult time.”

Click here to read the conclusion of this story with a deep dive into LAUSD’s 90-day recovery plan, lessons learned, and what it means to “recover forward.”

—–

For more information about school district solutions engineered by MGT Technology Solutions and MGT Education Solutions, click here.

Publish Date

Posted on May 5, 2023