Virus exposes computer system in need of major upgrade
JANESVILLE — A recent computer-virus attack revealed a Janesville School District computer system weakened by years of insufficient investment.
District Business Director Doug Bunton admitted budget constraints led to a "minimalist" approach to maintaining the computer network, which supports about 4,300 desktop workstations district wide.
On Friday, the head of the school district information technology department told The Janesville Gazette he chose to resign rather than be fired in the wake of the chaos caused by the virus.
The virus attacked Sept. 19 and wasn't completely eradicated until recently, officials said. Scattered problems remain around the district.
The district actually was working to upgrade the system leading up to this school year, but that work had to be set aside as IT staff members, consultants and temporary workers fought the virus.
The district's computer network was designed in 1995. Voters in 1997 approved a referendum that included $9.7 million to build a system that wired every building for the Internet and put at least one computer in every classroom.
The uses for computers in classrooms grew explosively over the years, Bunton said.
The system got periodic upgrades, but more could have been done, Bunton acknowledged in an interview last week.
Insufficient funds
Holding the district back were tight budgets, and Bunton blamed the state's revenue cap system. Revenue caps are part of a tax-relief effort that holds down yearly spending increases for public schools.
School officials have long complained that revenue caps have not allowed their spending to keep up with their expenses.
Handicapped computer-maintenance budgets combined with escalating use by staff have led to a computer network that needs an overhaul, Bunton said.
"If we under-funded it, then shame on us," said Lori Stottler, a school board member who has criticized the administration for not fully answering her questions about the virus attack.
Stottler said students are told regularly that they will be competing in a globally connected workforce of the future, but: "Our technology isn't up to par to show them what it might look like. It's a double standard. It doesn't work. For me it's like teaching with out-of-date textbooks."
Early warnings
The district had clues that its system might be vulnerable.
A Craig High School student hacked into the system two years ago, causing outages at the school. And last January, the system suffered an external attack from something called a "data packet."
And a 2005 consultant's report stated that the district lacked sufficient information-technology staffing. Staff was not increased, but the district did undertake other improvements the consultant recommended.
Bunton would not discuss the job performance of anyone in his IT department, on the advice of district legal counsel who sat in on a Gazette interview with Bunton.
But Bunton on Wednesday expressed confidence in the skills of his IT manager, Brandon Keirns.
Keirns said he resigned Thursday rather than be fired. He said he plans to ask the school board to refuse his resignation and place him on administrative leave while the reasons for his possible termination are investigated.
Bunton rejected the notion that the current IT staff is insufficiently trained.
"Could we do more? Sure. But is that the problem behind this? No," Bunton said. "There's no way you could draw that direct correlation between the virus getting in and not having provided sufficient staff development. …
"I really think we do have a lot of good people really trying hard, and to cast a shadow over their skills and abilities in this environment just really isn't fair to them," Bunton added.
Stottler remains critical: "We are under-funded and I get that. And we are understaffed, and I get that," but she said it's unacceptable that teachers and staff had to endure virus-related outages for nearly two months.
Repair costs
Bunton said the district will have spent about $50,000 to get rid of the virus and repair its system. Some of that cost includes upgrades that would have been done in any case, however.
Bunton said the virus attack put the district on notice that the system needs shoring up.
"It has brought it to a head and points to the need to really reevaluate it," Bunton said.
Bunton plans for a consultant to complete an audit of the district's computer needs, which will lead to spending recommendations in the 2009-10 budget.
Bunton couldn't say how much it will cost to upgrade the computer system.
"Today it would be hard to speculate because we don't know what the audit will turn up," he said. "I'm sure there will be additional expenditures needing to be made to staffing, equipment and software. I'm not sure, yet, how much.
"It's a very high priority for me, for the district."
Education deficit
Stottler said an outage of this length would be unthinkable in a business or hospital. She wondered how much educational value was lost because computers were down.
Bunton said it would be impossible to measure the loss, but he credited teachers for adapting to the loss of one of their prime tools for storing records and lesson plans.
Stottler said she has not been satisfied with answers she has gotten. She has called for a closed-door meeting to discuss personnel issues related to the computer system.
Board President DuWayne Severson, who is in charge of setting meetings and agendas, said he would work with Stottler to set up a meeting.
"I really just want to hear from administration who's accountable for this, how did we get here, and what are you going to do about it," Stottler said.
Security measures
The IT staff was working to upgrade the system when the virus hit. A better antiviral program was scheduled to be installed last summer, but other needs took priority, Keirns said.
"Some of those projects just ended up taking more time and resources than anticipated. So we just pretty much ran out of time," Keirns said.
One project that did get done was to activate the Microsoft security updates on all desktops. Before this summer, those automatic updates were turned off. Bunton could not say for certain whether they were ever turned on.
The reason for not having updates activated was because the staff and the computer network could not handle them, Bunton said.
Automatic security updates on a home computer are normally no problem, Bunton said. But in a network that uses such a wide variety of software, an update could conflict with another program, causing problems.
So the updates must be tested before they are allowed onto the desktops, Bunton said.
Until recently, the district had to go to each of the thousands of computer stations to allow the updates, something that was virtually impossible, Bunton said.
Now, the district has new management software, called Kaysea, which automatically checks the updates and installs them at the workstations automatically.
Cost for using Kaysea is about $216,000 a year.
Saving data
Bunton said the district must improve the way it backs up data, so that information is saved in the event of a viral attack or other disaster.
Officials believe at least 99 percent of the district's data survived this fall's virus attack, but that's no guarantee of future success.
Administrators' files at Marshall Middle School were lost last summer when software failed, Keirns said. No student records were lost.
The current system can barely keep up with district needs, Keirns said. A key question is how powerful a backup system should be purchased.
The system audit will include recommendations on what to do about backing up data, Bunton said.
Bunton seems determined to make improvements. He even brought in a consultant to critique how the district is handling the repairs in the wake of the virus attack.
"We are there. We are ready. We need to reevaluate what we have and where we are going with it," Bunton said.
"It's time, and we need to be doing that for the students."
Original Article
