¶ Intro / Opening
I'm ready if you're ready.
¶ Intro
I'm ready.
You want me to say it?
You can say it. I don't want to say it. On this week's episode of the K-12 Tech Talk Podcast, we discuss a massive data breach that impacted hundreds of thousands of educators in Pennsylvania, then interview Terry Loftus, the CIO for San Diego County and chair of the MS-ISAC Board, about the impact of the recent cuts. Thanks for listening.
Live from NTP Studios, this is the Chris and Mark show. That's right, because Josh is in, uh, he went to Disney or something. I don't even know. Does
John, is it me or does Josh go to Disney like at least once a year?
He's got like Mickey Mouse ears. He's a frequent, like, they know his name when he walks out.
He sends us pictures. He's like a kid. I got to send pictures of me and Disney World to my friends.
He did send several pictures.
Yeah. Trying on costumes.
Eating ice cream.
You know he's listening to this on the airplane back too, which is great. Laughing in his seat.
But it's just you and I tonight. And we had some news planned and then Trump signed an executive order. So all those news things aren't really relevant anymore. So we're going to jump into a couple of things. And we have an MS-ISAC interview that we're pretty excited about as well. So, Mark, do you just want to jump? I guess before you jump into the news, I'll talk about CTL.
I'm going to put a link to this. They have a webinar. It's an on-demand viewing kind of thing about mastering Google Workspace security. Check that out. They get into the investigative tools, the trust rules, the context-aware access, API access control. And you can just click on that thing, watch that. But you can check out CTL for your Chromebook needs as well. So I'll put a link to that in the podcast description. But Mark, do you want to talk about the news of the day? Yeah.
I mean, the news from like an hour ago. So we're recording this one on Thursday night. And the news just broke that Trump has issued the order that he said he would, which is to dismantle the Department of Education. There's not a lot of details in it. It is really more of a written order to say that we're going to start the dismantling of it. We were planning on talking a little bit about the cut of the Department of Education's Office of Education Technology.
I think given that the entire department is now on the chopping block, we're going to wait and see if we have a little bit more detail and talk about it in a future episode. We are talking later in the episode about the MS-ISAC cuts, and so we'll try not to be too doom and gloom this entire episode.
I don't like doom and gloom.
No, no. Let's not, let's not do doom and gloom. Um, so let's move on to the news. Um, oh wait, no, no, talk about tariffs. No, back to before that, doom and gloom. Um, Pennsylvania's education union, so the, the agency that represents, uh, approximately
¶ Pennsylvania Data Breach
200,000, uh, education professionals, teachers, support staff, and so in Pennsylvania suffered a data breach. And I know we see a lot of data breaches. This one is painful to read the details of. So I'm going to start with the numbers here. They sent a letter to 517,000 individuals. That's current and former employees.
Okay.
And this is where it gets really painful. The letter just came out. We're recording this at the end of March. The attack actually occurred somewhere around July 6th, so eight months ago.
Quick turnaround.
Yeah, quick turnaround there. Way to go, Pennsylvania. And then they conducted a thorough and extensive review of the impacted data, and they completed that on February 18th. So that was a 17-month review, and then a one-month turnaround until they actually notified users. So I just got...
Yeah.
That's a brutal timeline that, you know, they were nice enough to say that they have not seen any evidence of information being used. But when you read about what information was stolen through this, the eight-month delay between when the attack occurred and when they actually notified users is huge. I'm not going to use the word borderline criminal, but just listen to this list here.
PSEA says the stolen information varies by individual and consists of personal, financial, and health data, including driver's license or state IDs, social security numbers, account pins, security codes, payment card information, passport information, taxpayer ID numbers, credentials, health insurance, and medical information.
That's everything, right?
That's it. Let's pack it up. It's over. And the attackers did claim the attack. The breach was on September 9th. So, you know, giving them the benefit of the doubt and saying, well, maybe they didn't find out until later in the summer or in the fall. That's an extremely long period of time to not tell your users and your customers that that type of information was breached.
Yeah, there's no... I don't, we can't defend this very well.
No, no.
You know, we gave PowerSchool pretty good grief or some folks, actually, we kind of gave PowerSchool some praises on how quick they got some information out. But they still took grief,
Right? They did. But this is why, like, this is what we're used to is these data breaches coming back after months and months and months in PowerSchool. You know, they got grief for not turning around within 24 or 48 hours. But it was a seven-day turnaround that, that PowerSchool turned
Around. You look at this and you're like, well, that, so it happened in July. The bad guys, uh, claimed it in September. Even September, like, even, even if we try to play a game where we're like, well, maybe they didn't know until September, well, it's March. Yeah. So you can't give any of this timeline, yeah, like any, like, hey, good job guys for your transparency. And
There was still, they, they conducted a thorough investigation and it was completed, it was a month ago. Uh, so it's, it's just, it's so unfortunate. You're talking about people's life that was just breached, and, uh, the more information you can give them early allows them to hopefully do something about it.
Yeah, and unsettling is that long list of all the things. You know, I can think about the times I've gotten a letter where they're like, whatever website I used, yeah, got hacked, and it usually says, like, you know, a thing, like Social Security number. Yeah, yeah. Uh, this is just pretty much everything about a person. Yeah. Um, that it says just the generic medical information, so you kind of wonder too, are they telling the, and I don't think so.
It just says that it varies by individual. So you got notified that here's the long list of things that potentially is just sitting out there. Right. Uh, not cool.
Um, you mentioned when you get those breach notifications. Um, have you, have you gotten tired of getting those? Because, I don't know about you, I've, I just get so many of them, I, I've almost become numb to them. When
I was saying that out loud, I couldn't think of the last one I got, because they kind of happen so, maybe it's not a big deal. Yeah. If you're hacked, wait, wait to tell your people. It's not a big deal.
Yeah. You know what, like, here, Chris, just what is your Social Security number?
Just, will you beep it out?
I mean, I'll beep most of it out anyways, so yeah, I think we will. Um, we're gonna spend the later part of this episode more on news, on the MS-ISAC news, uh, and we'll come back in a future episode with more updates on the Department of Education. Obviously it is all breaking, and what we want to do is try to boil it down to what's the impact on education technology. So we're going to hold off on sharing more news, but we'll pivot now and give the survey results.
Yeah, so we came up with this in the midst of the last episode, and we actually did some follow-through. Sometimes we're good at follow-through. We posted on K12 Tech Pro, and Mark, my computer spazzing out, actually.
Yep. You want me to go through? Yeah, we
¶ Tariff Survey Results
uh, we posted, are you seeing any tech quotes or purchases impacted by tariffs? We've talked about tariffs quite a lot lately. If so, uh, is it a yes or a no, and then if you could leave some comments. So we did, we had a lot of people respond. Do you remember what the yes was, Chris? How many districts? 64. 64%. That's a good percentage of districts that are already seeing impacts of tariffs.
Yeah, I felt like this was an early ask of this question.
Yeah.
I was thinking more like April, May, we'll really start to see is tariffs going to impact K-12 technology. But we, I mean, we posted this after last week.
Yep.
And in a week's time we got these results, and it's a 64 yes. Districts on K12 Tech Pro are seeing the impact of tariffs.
Yeah, multiple people have talked about how vendors are telling me that quotes are no longer valid, so they've got to be re-quoted. Uh, some people are saying their vendors are saying 10-15 on goods from China, 25 from Mexico. The one that shocked me the most, we were talking about this before on the show. One person posted a screenshot of a quote from And this is for laminating rolls, but, you know, Random? Yeah, technology oversees some random stuff related to that.
There's a line item on the quote for tariffs.
Yeah, it says, part number, tariff. No, that's crazy.
It is a bold move. I did the math here. It's only a 4% increase, but no, I take that back. That was, I was on each item. So there was eight items on here. So you're looking at 15% or so overall.
Okay.
Yeah. But that's a crazy amount. Crazy thing to see on a quote. You're actually seeing tariff put right there on the quote itself.
Yeah, I was surprised by that one. There were several that were talking about a particular Chromebook brand company.
Yep.
Then it was like they get a quote, and if they didn't pull the trigger that day, they were kind of told like, hey, reach back out. It's different tomorrow.
Yeah.
And that was real. The dollar amount was actually changing. Now, Mark, this begs some question, I think. Do you think these companies are taking advantage of this at all? Do you think this is all legit? Do you think there's an in the middle there? What do you think?
It's really hard to say. I think given what we've heard, we've heard people on K12 Tech Pro talking about tariffs and seeing re-quotes and stuff since before the tariffs actually went into effect. So I think there's a little bit of, yes, absolutely. There are products that have already been impacted by tariffs.
I think there's a little bit of vendors being proactive and letting people know, like, hey, these things are going to go up. I, I hope that there is not people artificially inflating costs or blaming cost increases on tariffs when it's not the real reason, but you never know. Yeah.
I don't, I think I've seen this at least once and it rubs me wrong. I, I don't want to see vendors telling me about tariffs and it feels like a scare tactic for me to go ahead and order the thing.
Yeah.
I don't like that at all. I more think we, if we're over the purchasing in our school districts, this is probably the time, as much as we might love one, two vendors that we work with all the time, it might be the good time to get your three, four, five. Try a couple different companies that maybe you don't get quotes from all the time. Just to make sure you're being a good steward of the money still, uh, and that you're not playing, like, a tariff game or whatever.
Yeah, and we've talked about on, on previous episodes too that most of the tariffs are impacting your devices, your laptops and computers, and that's what we heard in the comments too. That's something that's relatively easy to switch between vendors. When you get into the more heavy-duty stuff, your network equipment, obviously that's very, very difficult to switch, uh, network providers. But, you know, those are actually less, there's a little bit more of a buffer between those devices and those types
of technologies and tariffs, hopefully. We'll see.
Jeez.
All right.
Well, we were going back and forth on what to do for the next survey. We had way too many political comments and we said, let's steer away from political topics.
Let's keep it easy.
Let's keep it easy. And let's talk about something that we've talked about quite a lot on this episode. Chris, what's the next?
So we're going to post this thing on K12 Tech Pro. And if you're not on K12 Tech Pro, you should be. But you can also just email us and tell us what this answer is. And we'll include that in the final percentages. But are you looking at student MFA is the question. And then the choices are going to be like, yeah, probably in the next year or probably two to three years away. Or you think it's like three plus years away or you don't want to talk about it.
Can we add another choice that's like, I'm still working on staff MFA?
Yeah, maybe that should be, I don't want to talk about it, slash, and/or, uh, student MFA, like, what, what is that? All right, yeah, we should probably dig into that some. So Mark, we are, uh, gearing up for the CoSN conference. Yeah, that's coming up pretty quick. That'll be March 31st through April 2nd. I was talking to someone earlier today that said that they'll see me there. So we hope, if you listen in to this, if you're at CoSN, we'll have a table, I think, somewhere near the registration area,
we'll be doing interviews, but we'll have stickers and pins and whatever stuff. Uh, so come and hang out with us, shake our hands. We love to talk to you. We'll give you some K12 Tech Pro, K-12 Tech Talk podcast swag as well. And trips like that are made possible thanks to Lightspeed. Check out lightspeedsystems.com for their content filter and more. Fortinet is a proud sponsor of the K-12 Tech Talk podcast. You can email Chris Illingworth over there at fortinetpodcast at fortinet.com.
And ClassLink, they do your rostering and more. Check out classlink.com. But we're excited about CoSN. We'll also, I think not many weeks after that, we're going to the Indiana CTO clinic. That'll be all three of us. We're excited about that trip as well.
Super exciting. All right. Next up. What's next on the main topic here?
The main event. So we know that Josh comes on here and he's on the MS-ISAC executive committee and he knows his stuff. But Mark, we were like, Josh isn't enough. We need more.
Be honest. We didn't trust Josh.
Yeah. Can you trust a Josh?
Yeah, we needed a second opinion.
So we, the three of us, interviewed Terry Loftus. He's the chair of the MS-ISAC committee. We got to do a good sit down with him, ask him several questions.
¶ Interview with Terry Loftus
He gives a great overview of what MS-ISAC does for schools and organizations that it impacts. And then what these cuts mean. We promise we are not a political podcast, and we promise that we try to ride a lot right in the middle. And if you've hung out with us for a while, you know that we might even have differing political opinions about things. But we just need to talk about what's going on because it is going on. We do always promise to talk about K-12 tech news.
I don't like all the doom and gloom and the cuts and all the stuff, the DOE thing. Like, it's not fun conversation to talk about, right, Mark? But
Yeah, yeah, and we've also tried to say, you know, whatever we, whenever we talk about these kind of high-level political conversations, we want to try to boil it down to what does this impact you, or how does this impact you with the district. So hopefully you find a little bit of value in that. Here's
That interview. So with us, uh, we have the pleasure of having Mr. Terry Loftus with us. I met Terry, I guess, back in June when I attended the MS-ISAC conference as a newly elected board member, not quite installed yet. And Terry has since then been promoted to the chair of the MS-ISAC committee. Yay, Terry. Terry is the other K-12 representative, and you are an assistant superintendent at San Diego County Office of Education, if I'm correct.
And we brought you on. I know last week we talked about MS-ISAC funding cuts from a public perspective, all the information that was public at the time. I didn't really share any, you know, how the sausage is made information that had been going on behind the scenes. But now the letter from CIS has gone out. So we're bringing you on for more of an official statement, and kind of to walk through what maybe might be coming down the road, what options, what other resources are available.
That kind of thing. So if it did, I get your introduction, right? Did I miss anything?
You nailed it. You nailed it. And I'm particularly honored to have been voted by the executive committee to the to the chair role, which, from what I understand, is the first time a K-12 person has been the chair for the 21 years that ISAC has been in existence. So like Josh and all of you, my heart, my passion is all in K-12. And so, you know, whatever we can do to advocate and support and help each other is always a good thing.
So, yeah, it's great to have gotten to know Josh through the executive committee. I think it's the one thing that's a little perplexing for me, Chris and Mark, is that when we get together for meetings, I mean, Josh is hilarious. He's funny. He posts things. Yet I listen to this podcast and, and I, I don't hear any of that, as, uh, the, the, the humor piece is just not there. I, yeah, he's lying. Dr. Jekyll and, yeah, Hyde-type situation. We get a
Lot of complaints.
I get a lot of complaints. Uh, I thought I, I thought I was funnier on the show than I was, I was in person, so I guess I need to amp it up a little bit.
Please don't.
Yeah, yeah. That was all sarcastic.
I know that there's some good-natured ribbing that's always taking place. And sometimes monkeys.
Yes. I was going to say, Terry, you are in the high echelon of people that have been guests on this podcast. Jackery Sider and Tanya Haddix, crazy chimp lady from HBO.
Now we know where to get a steak in the Ozarks.
Yes. Well, you'll have to come to the conference this July and we can take you. I will show you where to get a good steak at Lake of the Ozarks. So all of that aside, give us an overview of the MS-ISAC and kind of address the funding. What sources of funding does the MS-ISAC have?
Yeah. Thank you for starting at the least exciting part. No, let's get into the details. And it is a little bit dry, but I think, Josh, kidding aside, I think it's a really good question because a lot of people don't know, where does money magically appear from? Who controls it? Who's in charge? So just to give kind of a if you're thinking of the old school game Chutes and Ladders, I'm going to kind of go go through the boxes here and just give you the high level view.
Really, everything begins with the presidential budget, which then is passed to Congress, which provides funding for the MS-ISAC through its budget appropriation for the Department of Homeland Security or DHS. The funding instrument or that vehicle as to how that flows to MS-ISAC is what's known as a CA or a cooperative agreement. And that's essentially a cooperative agreement between DHS, a portion of DHS, which we all know is CISA, the Cybersecurity Infrastructure and Security Agency, and...
And then the Center for Internet Security. So we've got a lot of security and internet and so forth in those titles. But the fact of the matter is, there's really two entities, with CIS being the not-for-profit that is essentially home to the MS-ISAC and the EI-ISAC. And this cooperative agreement is, without going too far into the weeds, is this legal instrument of financial assistance between the federal government and a non-federal entity.
So, again, CIS, to carry out, quote, authorized public for a authorized public purpose.
So you can kind of think of it like a grant, but under a cooperative agreement, CISA is really directed to support and stimulate the activities of the MS-ISAC, but the language is that it's not to assume direction, prime responsibility, or a dominant role in the activities, meaning that they are, in a way, CISA is managing the paperwork or the documentation, really kind of facilitating or doing some of the logistics.
And MS-ISAC really is to drive how services are crafted, what services are provided, how things are prioritized, because the expectation is that the MS-ISAC is ground level. Like with the executive committee, which we'll talk about in a minute, we're made up of members. There's over 18,000 members.
And it's critically important that there is insights and feedback as to what is needed out in the field, because our federal friends sometimes in their bubble don't have visibility or an understanding as to what's happening in a small rural town or a tribal community or a small K-12 school.
So the last piece I would mention is that when we think about the cooperative agreement, that is under something that is really exciting that I researched after starting with MSISAC called the Federal Grant and Cooperative Agreement Act of 1977. I highly recommend if you need some good nighttime reading to fall asleep. That's a good one. But ultimately, the reason I even bring it up is the language is the principal purpose of both of these relationships. So, you know, DHS and CIS.
Is to transfer value from federal to state, local, and private organizations. And the task must never shift that it's being performed for the agency, meaning that I can't take that money and say, you know what, we're going to stand up this other program, or we're going to hire 50 more people, or that's not what that money is for. And so the reason I even bring this up today is because there's been a lot of rhetoric recently about, hey, what's effective and efficient.
We have a number of agencies that are under scrutiny currently. And there's a lot of talk about taking dollars and pushing them out to states, get them local, like get them out to the folks out in the field. And I actually subscribe to that mindset. But what we're seeing happening in Washington isn't necessarily that. And I think people don't realize that the MS-ISAC is exactly what they're striving to deliver on, right? And so that's why it's so confusing to so many members like,
well, wait a minute here. This isn't money that's going to DHS to do X. This is money that through the cooperative agreement flows to MS-ISAC exclusively for local and state entities and those in the SLTT community. So again, not to belabor the point, but when people say, well, hey, we're doing this, you know, when DHS posts on their Twitter account, their X, that, hey, we saved $10 million of federal money. Not really.
It's that money that was pipelined directly out to local agencies and entities in the SLTT community. So it's a bit of a misnomer that as you cut those dollars, that somehow that was going to federal agencies when it absolutely was not.
And it's not like they could reuse that $10 million in a project for DHS. Those are earmarked dollars that can't be reused elsewhere. Interesting.
Yeah, just a little bit of housekeeping. We do have a strict four acronym limit on each episode. And so, Terry, I just want to do a little bit of a count here. You've exceeded your count.
Yeah, 37, I think, is what you did.
That was a hard limit.
Yeah. You have a card that I should be tossing a quarter into each time? Is that how? No.
What happens is we just bleep all the extra ones. So it just sounds like you're swearing over and over again. So follow-up question here. So I think you may have kind of buried the lead here. So how much funding was just cut from MS-ISAC?
So there's two elements. One, I won't go into too deeply. One, it has to do with the elections ISAC or the EI-ISAC. CIS was notified that all remaining funding was suspended on February 14th. So that was a nice Valentine's Day message. Oh, and but what we're really talking about today is the broader organization, the MS-ISAC, which by extension was providing resources to the EI-ISAC, had a cut of just over $10 million.
And what I think is already public knowledge is that there was 10 categories and that unto itself is nuanced. And we can talk about that a little bit as far as what some of those things are at kind of a high level. And then there is a, I think, some, let's say, lack of agreement as far as are they indeed redundant? Are they indeed services that CISA is already doing or someone else is already doing? And I think both sides could probably point to yes, no, or otherwise.
But as far as services, Mark, and what's provided by MS-ISAC, I'll take just a super quick step back and say that some of the things that are normally provided, so let's hit the rewind button and go back a couple of years. The MS-ISAC for decades has been doing things like the 24 by 7 by 365 SOC, Security Operations Center, threat intelligence, domain monitoring, incident response, forensics. Many folks are familiar with the Albert Network sensors for gathering information.
Endpoint detection and response software. Protective DNS, which is titled Malicious Domain Blocking and Reporting, or MDBR.
Thank you for catching yourself on that one. Yeah.
A lot of training, tabletop exercises, education, vulnerability management. I mean, there's a whole laundry list of services. And so when we think about it, you could probably place it into two buckets, right? One is some of those technical tools, applications, software, those types of services. So again, endpoint detection and response, which is currently and previously provided through partnership with CrowdStrike. Tools like the malicious domain blocking and reporting that helps protect DNS.
And then there's the things that have to do with more human-driven. So engagement activities, doing threat analysis, and taking those inputs, the data that's flowing in, how do we turn that into something that is actionable that our SLTT community, that it makes sense for? That it's something that, oh, hey, there's been an incident with PowerSchool or somebody else. Well, what does that actually mean? What happened? Let's get a better understanding so we can look at our own systems.
Let's say, for example, with PowerSchool, maybe you wanted to shut off remote access.
Why would you ever want to do that?
No idea. No, I leave it wide open. But yeah, so as far as what has gone away, and again, we've got a little bit of a tightrope here because it's about, we also want to maintain those positive relationships with various federal agencies. So I'm going to put my K-12 hat on and my current role as an assistant superintendent and CIO and say that there's... I'll point out a few things. So the human element or the engagement piece has been eliminated. So what does that mean?
Someone could look at engagement and say, well, that sounds fluffy and spongy and we're not getting a whole lot out of it. But that literally equates to MS-ISAC does hundreds of annual security webinars, urgent topic membership calls.
Provides training opportunities. It's also a primary source of education and insights on SLTT-specific emerging threats, best security practices, recommended mitigations, and those types of things that are, again, it's not just a notice that, hey, here's what's going on out here in the wild. It's, hey, if you're an SLTT, if you're, again, a town, a tribal community, a K-12 school, this is relevant to you.
So we're going to cut through all the noise and say, here are the key things you should be keeping an eye on and how to address those in addition to the ongoing training, the annual meeting, and all of those elements. So essentially, what was sent to CIS is those things have been cut or suspended. And so as of today, as of right now, and I don't have a complete insight into what CIS has as far as plans and managing this cooperative agreement.
But they've said that this is mission critical work. And at least for the next few months until we can, you know, figure out what some of this means, because we've seen a lot of things happening in Washington that are sometimes reversed or changed or pivot, that we're going to keep doing these things.
So one example is we would not have like we had today, you know, we're on March 17th here, there was a K-12 call, a webinar that took place where people could get together, go over a report that was crafted by the MS-ISAC based on K-12 member feedback and have a session around that and talk about challenges, talk about opportunities, et cetera. So those are the types of very real things that go away under this reduction of funding.
The other things that are concerning to me is there is a cyber threat intelligence team that is run with MS-ISAC. And they're really responsible, again, for sector-specific analysis of cyber threats. We know there's a million threats out there. There's a lot of things to consider. But what are relevant, if I am a tech person in a small district and I'm an army of one, I don't have time to research lots of websites and go to different places and learn about the different threats.
I want someone to pipeline, like, what is relevant to me? So those types of things, you know, intrusion analysis will no longer be shared with the SLTT community. You know, threat signatures that are distributed by MSISAC to members, those that are developed by the cyber threat intelligence team will be halted. So not to be doom and gloom, but those are when people say, hey, there was a reduction that no one's going to notice, people are very much going to notice.
And that's why there's a lot of concern out in our community in K-12 and in other SLTT partner communities. Because for the most part, none of us are large financial institutions or big companies that have lots of funding and resources. For the most part, SLTT is like us, right? We're, we're, we're under-resourced and just simply fighting battles that are in cyberspace that are, that are far more challenging and complex than we should really be doing on our own.
Terry, that's one of the things that I've always liked, that MS-ISAC can distill those alerts. You know, it's one thing that, that a vulnerability gets added to the KEV catalog from CISA or an alert gets sent out saying, hey, this we found this new vulnerability and in Windows. But what MS-ISAC does well, or CIS does well, is they distill that down and they're like, yeah, that's a new known vulnerability.
But the likelihood of it really taking place in our environment or our sphere of impact in the SLTT is pretty small. So, yes, it's something to be aware about, but not necessarily worry that much about it. That's one thing that I appreciate from the MS-ISAC and their alerts. It's that, I don't know how else to put it, the likelihood of impact type scenario that they're really good at.
That's well said. I mean, within SLTT, we've got friends from the water and wastewater community, for example. So I know I'm getting off track with K-12 a little bit, but we've got a friend who's on the executive committee with us, and it's a publicly owned utility. And for them, they need to know about attacks on industrial control systems and systems, right? And so they may or may not care that a certain firewall vendor had an issue.
They care about the technology that they're using in their environments. And those services that they provide, again, aren't to some abstract group. These are everyday Americans that are recipients, much like our families and communities that are served through K-12.
So we can just say it. It's always the HVAC systems, right? Those industrial controls and the HVAC systems.
I don't think I realized until just now that the budget that was reduced was $10 million, which is, I mean, back of the envelope, that's like the size of a small school, right? That's not a significant amount.
Right.
And I know that we're not always in the room. We don't know how these conversations are had or made. But is the idea that the services will essentially shift to CISA? Or, as we've heard a lot in the common political environment right now, that the services will shift down to the states? $10 million is not a lot to pass on to states.
Yeah. Yeah. No, that's a great question, Mark. And a couple of things I would say. One, so that $10 million represents approximately half of the current annual budget. So not the entire budget. The current budget is about $27 million. And then there was an EI-ISAC portion, of course, that was also cut out. So again, these are very just rough numbers. But two things. One is even the entire $27 million budget is very, very small in the whole scheme of things, right?
I think that Josh said it well on your last conversation about CISA's budget is over $3 billion. And DHS is $89.3 billion last year. So when we talk about these types of numbers, these are really microscopic. The second thing is, that's the part that's particularly frustrating to me is I'm not necessarily against pushing things, resources, dollars, et cetera, out to the states, but literally this cooperative agreement is that. So when they say we're cutting that, there isn't something else.
This was already being pipelined directly out to local entities, to states, specific to the SLTT community, and this is being cut off. And no, there is no reallocation or other way that this money is going out, at least that I know of. So it's truly a loss for those out in the field.
So, state of worry: if the average listener is a K-12 tech or tech director in a district that subscribes to the services, they're a member of the distribution list that gets the alerts from MS-ISAC or they've had to call the SOC for assistance on something. At this point, should their hair be on fire in panic mode? We've heard from CIS that says they're going to continue those mission critical projects for the time being.
Do they need to start looking for alternate resources like K-12 Tech Pro or K12 SIX? What should... I mean, we said it last episode, the more options that you have, the better you are. Is it that point to start fact finding and looking for something or should we kind of see how it goes for the next couple of months?
Yeah, you know, that's a great question because we do need to think about what the future is going to look like. And again, I appreciate what CIS is doing right now, but I also know that that's not necessarily money that they have laying around. And so they're going to need to make some decisions. And so, again, those of us in the executive committee like you and I, Josh, and others, there's more analysis and there's a lot of work happening behind the scenes.
So I guess my first message is don't give up hope. I think for anyone who's listening, there is value in expressing your opinion about the MS-ISAC. If you have been getting the protective DNS with, you know, malicious domain blocking and reporting, because I'm not going to say the acronym anymore. Thank you. But, you know, those types of things, whether it's local, state, federal legislators, I mean, make your voice heard.
And I don't know that that's going to change anything in this current climate, open and honest, but it can't hurt. And so the hope is that there's going to be some alternate path of some sort to keep the MS-ISAC not just going, but back to its prior strength.
But as it stands now, I think it is prudent for people to take a look around. And I know, at least in the districts that are around me in San Diego County and here in California, many use different services, right? And they've kind of cherry-picked: hey, I'm going to use this or I'm going to use that from MS-ISAC. I think the big thing that we all lose is that, I don't know about you all, but there isn't unlimited money for professional development. So, right, having your staff sit in, listen in to a free webinar and learn something new or about new threats is very valuable.
But those people that are using specific services, they might start to think about, all right, where do I go from here? And the other challenge that we all know being in K-12 or K-12 previously is that there's also budget cycles, right? We can't in the middle of a budget year randomly say, oh, by the way, I need to pay for this protective DNS service because this thing is away from MS-ISAC.
So I would say we do need to be forward-looking and think about, all right, what are those alternate options?
Yeah, if I had to pivot quickly, what would that pivot look like? What are my resources? And, you know, we were kind of talking about it before we hit the record button. Those local resources, those local networks are huge. Chris, you and I here in Missouri, MOREnet is big. It's been around forever and a day. You know, K-12 Tech Pro is big in our state, the support that we give local districts.
We just had all those tornadoes roll through and build it on at Rolla said the amount of school districts that have reached out to him offering spare access points or spare switches to get them back up and running. There's a lot to be said about that local communication, that local cohort of individuals as well.
Yeah, we know that there's greatness in local and that a lot of states have great things going on as well. The hole that happens with MS-ISAC is the goals and objectives that MS-ISAC adheres to unified California to Missouri.
Right. Single voice.
Yes. And that trickle-down effect where we know that we're getting the same information, you know, to every state all the way down to the boots on the ground. I think that's the biggest. But yes, we can lock arms and be the small armies again that become one, but there's going to be this thing, this big shift, where that unified feeling kind of goes away if you were big into MS-ISAC and what it offered.
Chris, I was starting to feel like you were going to say form a drum circle. We might. But maybe not. No, but it's a good point. And we've got these state level organizations that are fabulous. And there is value in that, in the community, in the collaboration. But you're absolutely right. The MS-ISAC is providing something different. None of these organizations. So we've got one in California, California IT in Education, or CITE. It's great.
And it's all the K-12 technology folks, regardless of your role in K-12 education in our state. And there's a lot of great resources. But they are not positioned to do threat analysis on a nation-state threat actor like MS-ISAC is. You need specialized skills, a team, a SOC. You need folks that this is their job, right? It's a whole nother level than, you know, we've dealt with 10, 20 years ago.
Right. It's not some script kiddie. It's not someone who's, you know, playing a prank. And it's still that. Right. But it's more so that we have these adversaries that are far better funded, are far more capable, quite frankly. And that's where things start to fall apart when you start looking at these local groups as far as there's things that are within scope that they're great at. And there's some things that just are outside their wheelhouse.
Yeah. The security team at MOREnet is great, but they're not going to stand up to the threat intel from Randy's team at MS-ISAC.
Yeah.
And maybe the idea is there is a more robust CISA that comes out of this. Yeah.
Maybe. I'd say at least the language that I've seen, and again, I'm not the expert here, but just from various points, it looks like the interest is to pivot more to a place where they're more focused on federal agencies. There's been some language from the DHS secretary and others that it's to serve and support federal agencies. Again, not bad. No, it means we are very much to Mark's point.
We are leaving behind state, local, you know, out in, you know, the other parts of the country outside of D.C. itself. And so, you know, one of the things that was in the news about a week ago or in recent days is about CISA having essentially their entire red team cut. And so I don't know what that means exactly, but in talking to some folks, it sounds like services like the free pen testing and vulnerability assessment
that they were doing for agencies. They already had a massive backlog. Yeah, years. Agencies. I mean, we waited almost two years and decided to go a different direction. But some people were receiving those services and that's great. And a high quality pen test or vulnerability assessment can be expensive. It can be 40, 50, 80 grand or more.
And so if that indeed is some of the folks that went away and the list is getting longer or it's just halted entirely, again, that's another thing that's gone from your toolbox. And that's something that particularly I know from having worked in a charter school initially and then a small school district, we don't have the funds to do that. So it's not a matter of replacing it with something else. It's a matter of doing without.
Well, and that's the fear of the other free services going away, like malicious domain blocking. Like if that goes away, that's a service. Yes, CISA does have PDNS, but it's a pilot program now. I'm not sure if it's going to be funded. That's a service you'd have to go out and purchase at that point. To buy that from Akamai is not cheap, but it's not expensive either, but it's a new line item in your budget that you'd have to account for.
And like you said earlier, Terry, we are already into budget cycling for next year. And if it doesn't make it in the budget in the next month and a half, that's going to be a change to the budget going down the road. So, yeah.
So we talked about that just briefly last episode, about if this whole thing's, you know, like, hey, we're moving this away from government stuff and, like, go get it from business land. Yes, it was a discounted or a free, blah, blah, blah, pen test, whatever, but now you're going to go pay this company to get it. You get that. Or like, hey, this used to be free here, but now you're going to buy this membership, but it costs money. Small government, all that stuff makes sense, great on the whiteboard.
But then we are a K-12 school district with a limited budget, and we didn't plan for all this stuff at all over here. And that's where the question marks really come in for me, I think.
We were lucky enough to have one of the CISA pen tests done last spring, last summer. It's one thing to be able to go to your superintendent and say, we just had a pen test done by CISA, by the feds, the cyber arm of the feds. And we did pretty darn well. It's a different thing to say, hey, we just had this pen test done by a company that we're paying, and they said we're really good. That's a different conversation.
Or that you're really terrible, and therefore you need to buy all these other services.
Exactly. Exactly.
Because, yeah. Yeah. Yeah, no, that's really, really hard. And again, you bring up a good point, Chris, because it's as we're talking here and budget cycles and so forth, but people outside of K-12 might not understand that just saying, oh, I'm going to get it in the budget and I got to give up this other thing. In many cases, you can't budget for it. You're not going to have the dollars.
It's just something that you are going to have to go without, that you will not have that tool, that resource, that capability. And that's rough in K-12 because we're not a private sector where we can make more widgets and have more income. It's about our students and attendance and all of those elements. And so it's kind of a zero-sum game in education. And so it's a really tough call as to if you even go after a paid solution for some of these things. Yeah.
Well, not to be all doom and gloom, but I feel like we like. Yeah, I know.
Both you guys, two peas in a pod.
I feel like we need to come up with a nice meme, Terry, that CIS and MS-ISAC make, put on all the socials, like a little silhouette of Albert, and say Albert's not dead or Albert's alive and well. You know, the Harry Truman, or who was it, the reports of my demise are grossly over exaggerated or something, something along those. Because MDBR is alive and well, it's not dead. Albert is alive and well, he is not dead. MS-ISAC is alive and well, it is not dead.
You're right, there's a number of things. And so I think that's a fair point, that we need to, you know, beat the drum a little bit as to the things that we still have. And understanding that now is the time to do that, because who knows what's going to happen in a few months or six months or beyond. Right. Like we've already seen with our federal friends that there's cuts in one area and then surprise, surprise.
Two weeks later, let's do another round of cuts. And so, again, not to be negative, I generally am a very optimistic person. But we need to, you know, again, shine a light on those things that we still have. So that's a good point, Josh. Yeah.
Gentlemen, any other thoughts or questions for Terry? We've kept him.
I'm over it.
Move on.
I've had Gemini create a couple of acronyms for our agency that we'll establish as a result of this conversation. So, you know, the first one is budget insufficiency threatens everyone's mitigation efforts. I think we would all agree with that.
Yes.
That acronym is bite me.
So that works really well, yeah.
So yeah, I think there's acronyms that we can pull from this.
Mark, you're proving yet again that really AI is the best way to generate jokes. I mean that. Oh yeah.
Yeah, we have failed there, Terry, several times. Well, Terry, we appreciate you coming on. Hopefully we're not keeping you from any corned beef and cabbage. It is Saint Patrick's Day. But yes, we appreciate you joining tonight.
Absolutely. Absolutely. Thank you for having me and good to chat with you all. All right.
Thanks.
Take care.
We might not be the same You share the same pain that I
The views and opinions expressed on the K12 tech talk podcast are the personal opinions of Josh, Chris, and Mark, and do not represent the views or opinions of our sponsors or other organizations that we're affiliated with. The material and information presented here is for general information and entertainment purposes only. Thanks for listening, and we'll see you next week.
