Powered by AI, Cyber Threats Can Even Reach Second Graders

https://www.govtech.com/security/powered-by-ai-cyber-threats-can-even-reach-second-graders

Publish Date: 2026-06-24 13:31:00

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points.

PORTLAND, Ore. — As if the job of cybersecurity officers was not made difficult enough in today’s world of threats ginned up by AI, try introducing risk-avoidance tools like multifactor authentication to second graders using Chromebooks.“It’s not going to happen,” Hailie Roark, information security manager at Clackamas Education Service District (CESD) in Clackamas County, Ore., said during a cybersecurity panel Tuesday at the annual meeting of Link Oregon at Portland State University.CESD offers specialized instruction to children ages 3-21 with complex needs, helping the eldest find employment; and offers teacher, student and technology support to area districts. Link Oregon is a nonprofit member organization providing middle-mile connectivity and other resources to K-12 districts, universities, cities and other public-sector organizations.K-12 school districts are certainly not immune to cyber attacks, but because of their many technology users, cybersecurity officials have had to come up with more creative approaches to controlling risk.“Things like MFA, one of my favorite rants is, ‘how do you provide and enforce MFA for second graders?’” Roark said, using the shorthand for multifactor authentication, the go-to security protocol organizations use to control the security of the many endpoint devices in circulation, including laptops.School districts of all sizes now issue Chromebooks to students from elementary to high school. Each of these devices is a possible entry point for a cybercriminal. A challenge for school districts — which is unique to an organization with so many young people in possession of tech — is the job of securing these devices.“What do you do? Do you give them a little fob? Do they bring it back and forth from home every day? Do they take care of it? Does it come back?” Roark said, offering scenarios which clearly stretched anyone’s idea of plausible.Is it realistic to expect second graders to “type in an incredibly complex password, and then get out their fob, and type in the numbers?” she said. “And who pays for all of that?”These are some of the particular challenges K-12 cybersecurity officials face.“We have one bucket of money, and each dollar that we take for security is quite literally being taken out of a child’s education. We can’t win that battle,” Roark said. “So I tell my districts, we’ve got to get creative. We’ve got to get scrappy. And we’ve got to get surgical.”That might mean blocking lower-grade levels from being able to log in to their Chromebooks outside the campus.“Anything you can do is what you need to do,” Roark said, indicating districts need to find little areas “where we shave off risks.”Districts need to come together to work collectively through these kinds of cybersecurity challenges, she said, “and work together to get those resources. Because they’re not out there. We don’t have the dollars, and the cybersecurity industry isn’t creating products that are going to work for a second grader.”This level of collaboration was a common theme among cybersecurity experts at the event, who offered grim findings from their front lines of managing and preventing threats — which have only increased, thanks to the muscle of AI.“Two years ago the number of attacks were much smaller. And less sophisticated,” Michael Klinkerfues, network services manager at Central Oregon Community College, said during the panel. AI, he said, is “helping the bad actors get better at it, faster.”Jose Dominguez, University of Oregon CISO, called AI “an accelerator.”For example, it has been common for cybersecurity teams to educate their organizations about what to look for in a phishing email, he said, listing telltale giveaways like misspellings.“AI will develop a phishing campaign that is targeted just for an individual,” Dominguez said. “You are going to get a lot of different channels just targeting that particular individual.”Collaboration among cyber officials is helping to head off some of the attacks in the rapid-fire world of cybercriminals armed with AI-powered tools, experts said.Many of the people working in IT in Central Oregon often collaborate to monitor and track cyber events, Klinkerfues said, noting that a cyber attack in a city like Bend will often be followed 20 minutes later by another attack in a nearby city like Redmond.“That collaboration is kind of a key piece to how we can react and stay ahead of them,” Klinkerfues said. “But it comes fast.”