June 2013 Webcast for District Education

Below is a complete written summary and digital copy (audio and video) of the June 2013 webcast for District CIOs and Education Technology Leaders. This month the webcast was conducted from the KDE studios in the Capital Plaza in Frankfort.

You can get to both the Video and Audio links for this webcast through our webpage at:

Video and audio http://media.education.ky.gov/video1/On-Demand2013/KIDS_District_webcast_6-18-2013.mp4

On the Media Portal at http://mediaportal.education.ky.gov/videos/district-technology-leaders-6182013/

Downloadable audio podcast http://media.education.ky.gov/video1/On-Demand2013/KIDS_District_webcast_6-18-2013.mp3

The webcast is approximately 1:27 minutes. The numbers in red below indicate the time stamp for discussion on the audio and video segment of the broadcast.

Summary

00:15 Introductions and district information: From KDE we have David Couch. We also have Phil Coleman, Mike Leadingham, Chuck Austin, Dede Connor, Marty Park, and Robert Hackworth.

David reminded the audience that they can participate further by sending questions and answering polls using the GoSoapBox platform.

The webcast today is being held in the KDE studios in the Capital Plaza in Frankfort.

1:05 FY14 KETS Unmet Need and Expenditure Plan Update: David presented the reports to the State Board of Education on June 6th and it was approved by the board.

On June 12th David sent some highlights of the presentation to the districts and what they can do to help prepare for the next budget cycle that begins in January 2014.

-  Kentucky TELL survey results: he asked that districts look at the technology-related items for their districts and compare them to others over the past five (5) years.

-  The survey can be found at: http://education.ky.gov/teachers/HQT/Pages/TELL-Kentucky-Survey.aspx

Technology Integration Specialists (TIS) are an example of the inter-related issues tied to budget cuts over the past few years. There are fewer TISs because of cuts in funding.

-  Another example is the age of workstations in the districts and the lack of a state-based funding source for purchasing new workstations, such as the IDU bond issue five years ago. The average age of workstations is going up since districts do not have a steady source of funding for their replacements.

Districts can now help educate district leadership on the importance of proper funding for Education Technology.

9:00 CONNECT/ED: David related some general information regarding this new Federal program to help build equity and ease of access for education technology. It is a potential new Federal funding source for rural school districts getting high-speed internet connectivity. The Feds propose imposing an additional telephone tax through the e-rate program to double available funding to 5 Billion. More information should come during a July 10th conference call.

12:30 IDU Bond and KEN Funding: One of the goals of the upcoming legislative session will be a reissue of the $50 million bond issue for IDU for the districts. Also restoring previous cuts in the KEN budget is a priority.

David also touched on the use of “One Time” monies and continuing/sustainment funding for educational technology.

16:20 Security Issues and Recommendations: David noted that we have had a few audits over the past few years and have some best practices recommendations. Bob Hackworth is present today to give some insights and recommendations.

There is always a delicate balance between making networks secure and being able to use a network for its intended purposes.

Bob noted that we have some recommendations and some future “shalls” regarding security for the districts.

KDE has done a pretty good job in being able to protect our network while allowing the academic freedom that KDE and the districts need in order to do their job.

Our technology can only take us so far. It is the primary responsibility of each person using the network to help keep it secure, to protect students’ information, and to provide input on how we need to evolve as new technology comes into play. We need to use good passwords, be thoughtful about the information we use on a daily basis that others may want for bad purposes, and be protective of that information.

Technology leaders also need to have discussions with district leadership on the appropriate level of protection to be used. They need to have the backing of district leadership as part of an overarching policy for the district.

Spam is an example of where users need to be smart about security. If someone gets an email that seems too good to be true, it probably is. Having 50 locks on a door does no good if the person inside welcomes the intruder into the house.

Bob noted that it is a security person’s nature to use as much security as possible, and to pull back when it starts to impact people’s ability to do their jobs.

Passwords are another simple but effective security measure that individuals can use to make their workstations more secure. The goal is a happy medium between complexity and usability: if a password is too complex, users cannot remember it and will probably write it on a sticky note and put it under the keyboard, but it must be complex enough that others cannot break it easily.

Bob personally wants KDE to use longer passwords that do not need to be changed as often.

David noted that the number one security problem in previous audits is passwords that can be cracked easily.

Districts are also responsible for the passwords on network equipment such as switches and on industrial control systems. Those passwords need to be changed as well; they should not be left as Guest or Admin.

KDE will be making changes towards password policy on the systems we control over the next year.

3rd party applications are often used in the background and not noticed by IT folks. CIITS, MUNIS, and Microsoft Office, as used by KDE, are considered 2nd party software. Adobe Reader and similar software that is probably loaded on most workstations would be considered 3rd party applications. It is important that those 3rd party applications get updated as well so that any known security holes can be plugged. IT professionals in the districts need to help make sure that their people know that if they download software, they are responsible for the proper upkeep and updating of that software.

Reducing Administrative Permissions on workstations is another way that district IT personnel can make their networks more secure.

David noted that KDE is in the process of reviewing the current policy of each user having Administrative Permissions on their workstations. Does KDE staff need those permissions? How is the rest of state government handling this?

Districts can contact the KETS Service Desk and have new equipment scanned for any security flaws/problems.

David noted that we are looking at a service to help test security on the KETS network, and not just rely on the different audits we participate in. Also, he related that KDE and the districts need to remind those they work for to limit the use of portable drives that are not encrypted, in case they are lost. Anyone who uses portable drives to store protected or sensitive student or adult data needs to have a way to encrypt that data in case the drive is lost.

If anyone has any additional questions regarding security feel free to contact Bob Hackworth at:

1:00:00 KIH3 Implementation update: Mike related that we are still planning to move to the KIH3 contract by June 2014. We are also in the process of moving 40 or so districts that have an immediate need for upgrades by the start of the new school year this year. The near-term goal is to move each district to upgrade to 50kbs per student and ultimately to 100kbs per student in each district.

Phil noted that it is important that we have the correct contact information as we prepare the upgrades. Go into the KEN contact list on the web portal and make sure the information is correct. David wants us to be proactive and send districts what we have to confirm their contact information.

Associated with this, we are continuing to look at consolidating and focusing some network tools that KDE and districts can use to better manage our network. Over the next few months we should have a more solid idea of what will be put in place as part of the new KIH3 contract.

1:09:15 Office 365 Update: Chuck stated that we are now trying to get the students updated into the system and migrate them into the single tenant tentatively before school starts and then upgrade the entire structure into the Wave 15 release of Office 365 a few weeks after that.

More information to come through the Field Staff.

Phil asked if there will be a password reset tool in this version. Chuck replied that we are looking at many different features that will tie Office365 and other state level applications into Active Directory and similar platforms over the next year or so.

1:14:40 e-Transcripts Update: David noted that DeDe is one of the primary movers on this project. DeDe stated that we are moving from the pilot stage to the statewide implementation. We will have an email sent to district superintendents asking them to sign up over the next year. We have all but 2 of the Kentucky public universities and half of the community colleges and private colleges signed up – we want more, but it is a good start.

1:18:00 CIITS Update: David will be sending an update to districts in the next week. School Report Card: DeDe noted that as new buildings, realignments, and related work are done at district schools, KDE needs to have that information in order to make sure that the School Report Card information is correct.

1:21:20 Infinite Campus (IC): Beginning-of-the-year training using Lync will be held July 24-25.

1:22:08 Commodity Codes review process has begun. Mike noted that the KETS Engineers and others at KDE have made some recommendations to use in various reports at KDE. We will be consolidating the number of those codes and have them out to districts in the next few weeks. Mike also asked that district IT folks work with their finance people to use those codes moving forward.

The next webcast will be held at the Thomas D. Clark Center for Kentucky History http://history.ky.gov/ on Tuesday, July 16th starting at 10:00 a.m. Eastern.

Question: Will districts be able to gain control of their local SPAM Filters again?

Answer: Phil noted that we are still reviewing possible options but with the move toward a single tenant in possible future AD that will be difficult since what one district does will affect other districts in that type of structure.

Question: Removing Administrator Rights is not really an option in the education environment?

Answer: The Academic Freedom environment is different from many other businesses. However, that trade-off means that education on proper care and feeding of workstations is important in mitigating the possible bad side-effects of having more rights on a workstation.

Additional Questions and Answers related to Bob Hackworth’s conversation regarding security:

PASSWORDS

Q: So, how does this talk of security mesh with having to ask for passwords to troubleshoot issues with CIITS?

- A better practice is to recommend the individual assisting reset the password vs providing user password.

RH - I totally agree that the process described does not represent best practice, and hope to help turn it around. As for how these two items "mesh," I do not believe it's hypocritical to talk about how to improve security and then provide some examples of where we need to do so. That's exactly the conversation we need to have (what needs improving), and then share constructive ideas on how to improve the security of our environment (without negatively impacting our ability to teach our kids and help our teachers). I hope that we all recognize that there is no such thing as 100% secure; there’s really just the ongoing effort to minimize one’s risk. Thanks!

Q: If we want secure passwords, why are we limiting the length to 16 characters? A pass phrase is very short with so few characters.

RH - I agree that 16 characters will make for a short phrase, but it's still possible to do and could result in a very strong password phrase. Even my example during the webcast is double our current limit (“mares eat oats and does eat oats” is 32 characters, but still VERY memorable!). I believe this shows the strength of the model, though; we just have to LIMIT ourselves to 16 characters :).

Another method is to just use the 1st letters of each word in the phrase; so you would have "me0ade0alle!" if you added "and little lambs eat ivy" to my passphrase above. That gives you a 12 character password that’s very easy to remember and still pretty strong. Change the letter O to zero, add some punctuation (“i” becomes “!”), and it's a strong password that can be remembered by almost anyone since you remember the phrase, not the actual password.

Q: Teachers do not change their passwords. They leave them for ease of access to substitutes and team teachers.

RH – See next item, below.

Q: Moving to 1 sign-on for access to CIITS, IC, Email, etc is more secure how? Isn't this the opposite of what we have been talking about?

RH - Great question. The theory is that remembering one, very good, password increases security by eliminating the need to remember many complicated passwords, writing them down, storing them under the keyboard. It also increases convenience and acceptance. However, it does create the problem of putting all your eggs in one basket, as you point out, which is why it absolutely requires very good password policies. If those policies (and practices) are not in place, the convenience probably wouldn’t be worth it. My main concern is that some will choose to implement single sign-on AND have very weak password policies. THAT would be dangerous and the opposite of secure.