As I reflect back on my days while growing up, I often reflect
back on how I made it through high school, college, and even grad school
without Google, or even a smartphone. But
we did it the old-fashioned way, and that was using the Funk and Wagnalls Encyclopedias,
and going to the library every day. Neve
did I realize back then (or for that matter anybody, really) that things like
Azure or ChatGPT would come into existence.
But one nemesis I had back in high school was that good ‘ole
SAT. I have never done well on standardized
tests, and so I ended up taking it like three times, but still never did very
good at it. By good fortune and the
grace of God, I was still able to get
into Purdue.
Back then, we had to report to our school, show some kind of
ID, sit down, and take the tests with our number 2 pencils. Then we had to wait patiently for the next
six weeks until we got our results back.
But now, the SAT is starting to be offered online, and will be totally
that way starting in 2024.
The main trigger point for this was the COVID-19 pandemic
when test takers had to take the SAT at home.
Along with the advantages of taking it online, come the risks
as well, especially from the standpoint of Cybersecurity. Here is what is at stake:
1)
BYOD:
This is an acronym that stands for “Bring
Your Own Device”. This is where
businesses would let their employees do their daily job tasks, straight from
their own, personal device. Again, this peaked
during the COVID-19 crisis, as many companies simply were not prepared at the time
to issue company devices. One of the
biggest security risks here is that very often these devices do not offer the same
level of protection, because many people simply just do not install all of the needed
stuff. So, data leakages are quite
common, and are a top prey for the Cyberattacker. Quite surprisingly, the College Board (the
creators and administrators of the SAT) now allow high schoolers to bring their
own smartphone, tablet, notebook, etc.
to take the exam online. But if the student cannot afford a
smartphone, one will be provided to them.
When I took the SAT, nothing was allowed except your ID and pencils. Not even
a bottle of water. If you were caught
in anything, you were immediately thrown out.
So by letting then use their own device, who is to say that they won’t
have materials on their smartphone to
help them cheat? Obviously, the exam
proctors can’t inspect these personal devices, as violation of privacy rights
will abound greatly.
2)
The Network Security:
By now having it all online, the
school is going to have to make doubly sure that they have the required bandwidth
to support the test taking day. It has
been estimated that each student will need at least 100 Kkps of bandwidth to
start and end the test. Now imagine if
there were hundreds of students taking this exam all at the same time? Not only will this lead to slower load times
of the online SAT, but it may cause the students to take a lot longer than the allotted
to finish it. Also, slower networks are
a backdoor for the Cyberattacker. For
example, with this kind of throughput, the Cyberattacker can get a closer
look into the integrity of the network
traffic, determine where the weak spots are at, and from there, insert the malicious payload. Another downside here is that high schools
often have very limited budgets for doing IT stuff. As a result, they may try to cut corners in
order to accommodate this increased bandwidth need, but once again, this will create
more holes for the Cyberattacker to
penetrate into.
3)
The students themselves:
When we think of a Cyberattacker,
we have the image of a person in a dark room in front of a computer with a hoodie,
in some foreign country. But the truth
of the matter is that even the high school students themselves could be hackers. For example, on the Dark Web, there are many “as
a Service” offerings that a student can buy for pennies on the dollar. Many of these services are those that offer launching
a Cyberattack on behalf of the purchaser.
It takes very little technical skill and time to do this, so it is a
very attractive option for anybody that is bent on doing damage in the digital
sense. The fear now is that on the scheduled
day for an SAT, a student could pay for one of these services to launch a
Ransomware or even DDoS attack in order to further move back the test date, thus
greatly affecting the college application and financial aid process for the
test takers.
My Thoughts On This:
In order to level the playing field equally to all students,
and to offer the maximum amount of protection from all fronts, schools should consider
administering the SAT in a Cloud based environment, such as that of Microsoft
Azure. For example, the school can
create a virtual desktop environment for all of the test takers, and once the
test administering is done, these
virtual desktops can then be deleted.
IMHO, this is a very affordable and efficient manner in which
to deploy the SAT for everybody. Of course,
the details of this kind of infrastructure will vary, depending upon the needs
and security requirements of each and every high school.
But whatever happens, we must come to accept that these are the
consequences of moving to a 100%, digital based environment. It sort of goes back to my blog from yesterday,
where I wrote about Cyberwarfare: How can one discriminate between a civilian
and an enemy combatant when the battle ground is completely digital?? Likewise, how do we know if the students are
for real when they take the online version of the SAT??
These are some tough obstacles that will have to be overcome. More information about the online SAT can be
found at this link:
https://newsroom.collegeboard.org/digital-sat-brings-student-friendly-changes-test-experience
No comments:
Post a Comment