Audit: Education system computers are ripe for attack
The state agency that holds the education records of more than half a million Oregon students should tighten its control of that information, state auditors say.
The Oregon Department of Education regularly checks its computer systems for vulnerabilities and performs other "critical security tasks," but the agency isn't actively managing software or users to prevent breaches, according to a report released Nov. 6 by Secretary of State Bev Clarno.
The agency has at least partially put into place more than half of a set of controls that experts consider basic security measures. But "significant work remains to fully implement" those measures, auditors wrote.
For instance, the agency hasn't updated the list of software programs that are authorized to run on its systems since 2014. That list includes software with "significant known vulnerabilities," auditors wrote, and the department hasn't taken steps to make sure that only authorized software is installed on its computers.
Auditors found that unauthorized software has been installed on numerous computers.
That puts the agency at a higher risk for being unaware when its computers have malicious software or software with known weaknesses, leaving the agency prone to attacks that can access student data or disrupt operations.
The education department is supposed to keep information about students secure and to protect their privacy. The agency, though, lacks an overall plan to manage security, which means the agency could be more vulnerable to cyberattacks.
Those problems could stem partially from some bureaucratic reshuffling, auditors found. A recent state law consolidated the state's cybersecurity workers into one office.
Previously, the education department had workers dedicated to cybersecurity issues. But in 2016, Gov. Kate Brown issued an executive order that put all dedicated security workers in various state agencies under the state Department of Administrative Services. That new office hasn't assigned someone to help the education department with its information security functions.
As a result, "some critical activities are performed on an ad hoc basis" and the agency's ability to handle security incidents is hindered, auditors wrote.
The agency agreed with auditors' recommendations and said it plans to put auditors' recommendations into action within about two and a half years.
Cultural center stages exhibit of students' selfies
The Chehalem Cultural Center invites students up to 18 years old to participate in a selfie portrait art show in November. The show encourages participants to create an artful, current self-portrait using any medium and in any size as long as it is unframed. Students must drop off their artwork at the cultural center this week with their name, age, school and contact information on the back of the piece. The show will be held in the cultural center's grand ballroom Dec. 3-5, with the reception from 5 to 7 p.m. Dec. 5. Awards will be announced and a "popcorn bar" will be provided. For more information on the event, visit www.chehalemculturalcenter.org.
Turkey Fumble coming up soon
The 4th annual Great Turkey Fumble is on tap for Thanksgiving morning, starting and finishing at Newberg High School's Loran Douglas Field. The family friendly 5k run and 1k walk benefits Newberg FISH and has become a fun, local tradition.
Along the route, various football challenges will be available for those interested in participating, including chasing a person in a giant turkey costume. Registration information for the event, which starts at 8:45 a.m. on Nov. 28, can be found at thegreatturkeyfumble.com.
Library hosts craft sale
You count on us to stay informed and we depend on you to fund our efforts. Quality local journalism takes time and money. Please support us to protect the future of community journalism.