« Is "Maker" Education Ready to Go 1-to-1? | Main | Tablet, Smartphone Use in K-12 Rises, and Learning Apps Have Big Presence »

Fla. Closes Probe Into Attacks on State Testing Without Suspects, or Leads

By guest blogger Leo Doran

Having reached dead-ends in their pursuit of leads and suspects, Florida officials have closed their probe into a series of cyberattacks that disrupted state testing earlier this year.

In March and April, thousands of students and test proctors in Florida schools discovered they were unable to access Florida's online state tests, encountering blank screens and problems logging into the system. 

According to a Florida Department of Law Enforcement report released this month, officials quickly identified the problem as a Distibuted Denial of Service attack against the contractor administering Florida's test, the American Institutes for Research. 

Specifically, the AIR's third-party server contractor, Rackspace, which physically houses the file server for the Florida tests in Chicago, was flooded with service requests from over 29,000 IP addresses.

State officials ultimately found that no "items associated with the test administration, including the testing instrument, test results or student information [were] compromised."

In conjunction with the FBI, the Florida Department of Law Enforcement was able to determine that the attack was likely orchestrated from outside the United States by comparing IP addresses from previous distributed denial of service attacks. 

The AIR responded to the cyber-attack by requesting that Rackspace strengthen its firewall to handle more traffic and block all foreign traffic. The vendor also coordinated distributed denial of service mitigation services between Arbor Networks (Rackspace's security consultant) and Mandiant (another security consultant).

According to investigators, these measures proved mostly effective, as the online testing systems would be attacked again numerous times in the following months with only minor interruptions in exams reported through May.

While the investigative report failed to identify a probable motive, distributed denial of service attacks are typically intended to disrupt access to a system rather than to extract sensitive data, although occasionally these attacks are used to mask secondary assaults against a server. According to state officials in this case, the attacks did not appear to compromise any personal student or teacher information housed on school servers.

An independent report compiled by Alpine Testing Solutions for the Florida Department of Education found that between one and five percent of all state assessments were corrupted. The review also concluded that Florida's tests were an acceptable way to measure students' knowledge of state standards, a conclusion that was greeted with skepticsm in some quarters.

For full coverage of the Alpine report, see the recent entry in Andrew Ujifusa's blog State Ed Watch.

Florida department of education officials say they will be pursuing liquidated damages against the AIR to compensate for the delays and disruptions.

A spokesman for the AIR declined to comment on potential damages beyond saying in a statement: "We are focused on working with the department to provide the most positive possible testing experience for Florida's students." 

The testing vendor also expressed confidence in its strengthened security tools to counteract future attacks.

"[W]e are continually reviewing the safeguards we have in place," the AIR said, adding that the organization "will make adjustments as necessary to make sure students have a positive testing experience."

See also:

 for the latest news on ed-tech policies, practices, and trends.

Notice: We recently upgraded our comments. (Learn more here.) If you are logged in as a subscriber or registered user and already have a Display Name on edweek.org, you can post comments. If you do not already have a Display Name, please create one here.
Ground Rules for Posting
We encourage lively debate, but please be respectful of others. Profanity and personal attacks are prohibited. By commenting, you are agreeing to abide by our user agreement.
All comments are public.

Follow This Blog


Most Viewed on Education Week



Recent Comments