Maricopa Security Breach

The rest of the story


Board minutes reveal that MCCCD may still be at risk

Information contained in public MCCCD Board minutes speaks to how large the security problem at MCCCD is. MCCCD has publicly disclosed its vulnerabilities and the monumental effort required to fix the problem that was reported in April 2013. It makes you wonder whether MCCCD web servers should even be operational, given the information disclosed below.

MCCCD Board Minutes from Nov 12, 2013 reveal extent of compromise

Here is a segment from the Nov 2013 Board Minutes where MCCCD acknowledges the scope of the problem and what’s left to be done.


This is a follow-up item to move to a One Maricopa enhancement
effort. It’s a three-phase system. Once Eagle Creek has assessed the
existing web infrastructure, 1) they will help with web maintenance
(there are over 10,000 pages), 2) they will look at the web
infrastructure and fix pages that are not working, and 3) they will
rebuild the entire web system into a secure and well run single entity
(currently there are 50-60 systems currently running). It will take 
approximately 18-24 months to fix. 

o Will Maricopa contract out maintenance or can it be
supported in-house upon completion? (IT will create a web
team trained in the use of the new system and work with a
marketing team to deploy content. There will be both
dedicated technical and marketing staff. This effort is only for
the District’s web page; it does not include the college pages.)

o How can we justify to tax payers that it will take 18-24 months
to fix while leaving us vulnerable to hacking? (Hacking is being
addressed right now—it is not dependent on this effort. It will
take time because not everything is running parallel. The
vendor is going through the websites and making sure they
work properly but there are over 90 with about 25 pages per
group; it would require hundreds of web programmers to
reach out to all the end users if they tried to do it all at once.
The District web has grown organically since its inception and
it now has to be standardized. Once the system has been
cleaned, the recovery time will be much better in future
situations (less than a week).)

The efforts mentioned above do not include remedial efforts for any of the 10 colleges, which also run their own web servers. MCCCD publicly acknowledged that the problem that affected its computers in 2013 had the ability to spread to college servers. SIS data from District containing personal information is shipped to colleges on a daily basis, according to information found online. It makes you wonder how secure this information is when the main District Office has now lost nearly 50% of its staff.

