DeKalb school district's cyber security team says they need more funding to keep district safe

DeKALB – The DeKalb school district's cybersecurity team said they're currently mitigating 65 to 70% of cybersecurity risks, and are heading to the school board to ask for more funding for their team.

According to district documents, District 428's cybersecurity team is made up of Ben Bayle, chief technology officer, and Marco Robles and Ben Yochem, system analysts, and was formed in 2018. The team manages 11,000 devices daily – including phones, security cameras, network, storage, intercoms, HVAC, door entryways, clocks and bells, servers, battery backups, copiers, printers and fax machines and digital signage – and said they don't have appropriate staffing to be able to mitigate risks to the level they should be.

The team also manages the 6,000 Chromebooks used by D-428 students. Each device has logs that need to be monitored and stored, documents show.

"Without appropriate staffing, it is nearly impossible to be proactive to cyber threats," the team said in their appeal which will go before the board Tuesday at their regular meeting, set for 7 p.m. at the DeKalb Education Center, 900 S. Fourth St.

To troubleshoot that, the team is asking the school board to approve a full-time cybersecurity analyst for fiscal year 2020-2021 (a current systems analyst would move into this role, documents show). The team is also asking for the board to designate additional funding to the department for professional development and risk management.

The position movements will open up an entry-level job for an IT Support Specialist, part of a number of goals the team would like addressed in the future, documents show.

The total expense request would bring the cybersecurity annual budget up to $104,000, documents show.

Funding would also cover additional software the teams said they need to improve security, such as malware software and backup drives for information.

In their request to the school board, the team said most cybersecurity attacks occurred because there are not enough staff to regularly keep tabs on sites, devices and other areas that require check-ins to ensure security measures are working.

The district must comply with a number of laws to ensure student and staff safety and identifying information is kept confidential online, documents show, and the team utilized guidelines from the National Institute of Standards and Technology to aid in their response plans.