How to properly protect access to digital workspaces (ENT)? This is the thorny question that the government is asking itself, after the multiple intrusions into the systems of dozens of educational establishments.
In secondary and higher schools across France, students have discovered messages sent en masse within the establishment containing terrorist threats and, sometimes, videos of beheadings.
On March 28, the Ministry of National Education announced that it was working on a “shared roadmap aimed, in the short and medium term, at better protecting digital workspaces and school life software.”
human guilt
In the case of messages containing terrorist threats, ENT’s security was not compromised. As the Ministry of National Education recalled on March 25, these intrusions are related to identity theft and, above all, to human failures, regularly exploited to hack otorhinolaryngologists.
At the moment, no technical failure has allowed hackers to systematically steal user passwords. These are users (secondary or high school students) who have had their connection password stolen, in particular by installing malware on their computer. And it is the volume of users who are likely to have their passwords stolen that poses the main difficulties.
With ORL available in all high schools and 90% of middle schools according to official figures, and therefore hundreds of thousands of students with an account, there are numerous entry points. Especially if a simple connection allows you to send a message accompanied by a photo or video to an entire establishment.
Decentralized governance
Another specificity: the sensitivity of the public that consults these ENT specialists, with a large number of minors. And, therefore, potentially dramatic consequences, in the event of mass sending of shocking content, as may have been the case with terrorist threat emails.
The dissemination of “illegal” or “shocking” content was precisely one of the “scenarios feared” by the Ministry of National Education in its “ENT master plan.”
In addition to the risks inherent in password leaks or a hypothetical security breach, ENTs face another obstacle: decentralization, with departmental management for secondary schools or regional management for secondary schools, in parallel with possible recommendations at the national level.
Double face authentication
To prevent identity theft after password hacking, there is a technical solution. And it is also offered on the main social networks: double authentication, which allows you to validate the connection to your account by entering a code received by SMS.
Like Baptiste Robert, he points out an important limitation: the very high cost of the system, due to the billing for sending SMS on each connection by technical service providers.
At the same time, imposing double authentication on otolaryngologists would be equivalent to requiring high school and college students to have a smartphone. A very unlikely scenario.
Unable to secure the system, the most pragmatic option might be to limit its use. This is also what was urgently decided, now preventing students from sending messages in otorhinolaryngology, anywhere in France.
“Perhaps we should ask ourselves if students need to send email-type messages, with attachments as an added benefit,” summarizes Baptiste Robert.
Source: BFM TV
