The New York Times referred to the major IT outage in July involving Microsoft and CrowdStrike as the “glitch felt around the world.” In today’s digital age amid an increased presence of artificial intelligence tools, it’s no surprise that keeping sensitive data safe is a rising concern for the student transportation industry.
During his STN EXPO West keynote presentation in July, Keith Krueger, the chief executive officer for the Consortium for School Networking (CoSN), discussed the results of an annual survey of school IT leaders that indicated a shift in the top five technology priorities. The number one challenge for the past three years was cybersecurity. Data Privacy & Security, which had been sitting at No. 5 in 2022, moved up to No. 2. Network Infrastructure was third followed by the up-and-coming challenges of Determining AI Strategy and IT Crisis Preparedness.
Transportation departments are handling large amounts of data, including but not limited to onboard video camera footage, student ridership verification, telematics, and transportation employee information.
With these large amounts of data, it’s also important that school districts and vehicle contractors are equipped to effectively use and analyze the data, which could increasingly incorporate the application of AI.
Different facets of data and information security were discussed at the 2024 STN EXPO West conference in Reno, Nevada, in July. During these sessions, speakers and vendors discussed how increased technology offerings also require due diligence in protecting the data that is run through and stored in a given solution.
In one of the STN EXPO West sessions, representatives from Geotab and Tyler Technologies led a discussion titled “What Do I Do with All of this Data? Using Artificial Intelligence and Business Intelligence tools in Student Transportation.” Craig Berndt, the segment manager for student transportation at Geotab, noted that he is expecting AI to be a rising trend.
“Machine learning is like teaching your dog to fetch, except your dog is a computer and fetching is recognizing patterns in data,” he explained. Some of the applications using AI to track data discussed in the sessions included risk management, predictive maintenance, driver training, tracking student attendance, and continuous learning that can assist in effective routing planning.
Berndt noted that historically there has been much conjecture surrounding AI, and a lot of that is hyperbolic. Geotab displayed its new AI assistant software Geotab Ace at the STN EXPO West Trade Show. Berndt added that Geotab protects transportation data by keeping it on a private, secure server. He explained it’s important to know how your data tools work and exactly where the data is landing.
“No one here would put your student data into ChatGPT. Our goal with generative AI is to get away from the staff having to analyze reporting. Would you like to be told what trends are from a reliable source or have to go through the data yourself?” he noted.
Berndt said that it’s important to stay on top of trends in AI, data security and analysis, commenting that “Artificial intelligence isn’t going to take away your job. People who know how to use artificial intelligence are going to take your job.”
Protecting sensitive student data was the topic of a panel discussion moderated by Rick Hays, deputy chief information officer at the Nevada Department of Transportation. Hays holds a doctorate in cybersecurity, served in the U.S. Air Force, and worked for the Cybersecurity and Infrastructure Agency, an arm of Homeland Security. He has extensively worked on military and government levels to further cybersecurity safety practices.
Panelist Jennifer Vobis, who has since retired as executive director of transportation for Clark County School District in Nevada, spoke about a 2020 security breach that affected 40,000 district employees. It wasn’t until three years later that the district discovered information had been sold on the dark web. Vobis said that while her department assumed IT had the data security covered, it’s important to fully understand how those imperfect safeguards affect transportation operations.
Hays noted that many ransomware attacks begin with an email, an easy-to-overlook threat. His advice was to take a moment to analyze the message and sender, and “think before you click.”
“Balance the drive to get tasks done with making sure we know what it is we’re doing,” added panelist Lam Nguyen-Bull, a consultant at Edulog and an attorney, explaining that it’s everyday behavior that creates the most risk.
She continued that understanding and managing data flow and security starts with understanding that “data is just information,” whether physical or digital. Just as Berndt noted, Hays also emphasized the importance of knowing exactly where data is at all times. When it’s being used, when it’s being stored and when it’s in transit. Encryption must be present at all these levels, he explained.
Nguyen-Bull continued that data in storage is the easiest stage to protect it. When data is in transit across the web, it is generally protected by a Secure Sockets Layer (SSL) or Hypertext Transfer Protocol Secure (HTTPS). When it’s being used it is protected by a firewall in a closed environment.
“What makes it vulnerable is when it’s between stages,” she said. “When it’s not being managed by a system.”
Nguyen-Bull used the example of a parent portal app, which she referred to as “a perfectly safe product if you use it right.” Ensuring that only the relevant parties can view data or a particular school bus location, or that a tablet onboard the bus is locked is the responsibility of the owners of the data. “Know what your responsibilities
are regarding the data you handle, you need to know the policies,” said Hays.
The human element of safely managing and effectively protecting data is a team effort, said Vobis, but it may be a teaching moment if all the staff is not up to date on technological education and cybersecurity training. Even though some of these practices may be considered common sense, the panel stressed the importance of covering all your bases and making sure each member of the team understands the implications of data breaches.
When things go wrong, and Nguyen-Bull noted that they will, it’s crucial to have an action plan in place to not only get the issue under control but to understand what happened and how it can be prevented in the future.
During a security audit situation, like one a “white hat” firm performed on Edulog last year, “We don’t usually like to answer questions, but understand we’re not being attacked. [Auditors] are just trying to understand,” she explained. “Be collaborative, learn from other people’s experiences. Despite best efforts to lock things down, there is always a high risk.”
We always think it’ll never happen to us,” said Vobis. Even after the situation at Clark County was resolved, she said there was an impact on how information was shared. Vobis cited an example of improper information sharing via Google Suites, where security privacy settings weren’t on. Nguyen-Bull referenced receiving an email with an attached unencrypted spreadsheet containing detailed data on student riders.
“Practice doesn’t make perfect, but practice does make it better,” said Nguyen-Bull, recommending that districts run tabletop exercises to prepare for when the “unthinkable does happen.”
All the panelists advised that student transporters take time to find out their organization’s cyber policies and security protocols.
Hays spoke to the widespread variety and type of ransomware and cyberattacks, noting that they can happen to very small and extremely large organizations, alike. He advised that transportation departments should have software in place to scan incoming files for possible attacks and that transportation should coordinate with the district to ensure security protocols for transferring or receiving data is being upheld throughout all operations.
Nguyen-Bull noted that even though it may seem like data is spread out between multiple people or databases, it can be easy for that information to get centralized somewhere within the district. She continued that predictive computation could use any amount or type of data to create complete pictures.
“Data is permanent, in all forms,” said Hays. “It can come back to bite you, no matter what stage it’s in.”
Both he and Nguyen-Bull advised being cautious with “new and improved AI” technology that is being created to meet the demand of ever-increasing data. Hays referenced the addage “Trust but verify,” which he said is applicable to all of us, in our personal and professional lives.
In a continually evolving digital landscape, Nguyen-Bull said that while she does work for a software company, she makes sure to prioritize people with face-to-face and voice interactions.
“Don’t reduce everything to digital.”
Editor’s Note: As reprinted in the November 2024 issue of School Transportation News.
Related: What Do You Really Need from Technology?
Related: (STN Podcast E218) Onsite at STN EXPO Reno 2024: Coming Together for Safety, Technology & Clean Energy
Related: STN EXPO INDY AI Session Advises Attendees to be Curious but Cautious
Related: Technology and Communication: Crucial for Bus Maintenance and Safety
