Email not displaying properly? Click here to view as Webpage!

Directors Update

Welcoming a New Project Manager, and a Look Back!

We are pleased to introduce Rebecca Rose, our new Project Manager - Print and Board Document Management Services. Rebecca brings a wealth of experience in document management, policy implementation, and strategic program oversight from both the public and educational sectors. Rebecca is eager to partner with our regional districts to bring operational excellence and top-tier service for any printing and document services needs. You can contact Rebecca directly via email, or by calling 315-433-2229. 

This is the last installment of the year, but we’ll be back in September to coincide with the start of the new school year! But before we look forward, let’s first look back at some of the most critical points discussed over the past year:

• Shaping the 2027–2030 Wide Area Network (WAN) Renewal: Planning is officially underway for the next three-year WAN service cycle. The CNYRIC has been gathering critical regional feedback through surveys and focus groups to define key network design priorities like scalability, security, and redundancy. Districts were encouraged to collaborate as full administrative teams to ensure instructional, technical, and fiscal perspectives were all represented. The next phase will focus on the build. 
• Deploying Proactive Regional Cybersecurity Defenses: Moving beyond passive defense, the CNYRIC successfully piloted an advanced threat-hunting initiative utilizing the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog. By actively matching this global threat intelligence against local CrowdStrike EDR telemetry, the team successfully identified exposed regional assets and issued targeted mitigations for critical vulnerabilities (such as CVE-2025-33073) before bad actors could exploit them. 
• Vigilant Educational Technology Vendor Oversight: The state's 12 regional information centers (RICs) are closely monitoring a rising wave of complex vendor management challenges, third-party platform misconfigurations, and class-action litigation. Active tracking and investigations continue regarding security incidents and data privacy concerns tied to major platforms like Naviance, McGraw Hill, Navigate360, and i-Ready. Districts are reminded to independently evaluate if student data breach reports are legally required under state regulations if an incident is suspected.
• Driving Actionable Decisions via Advanced Data Analytics: Sustained regional efforts have focused on helping school leaders transform complex student data into clear, actionable strategies through SchoolTool Advanced Analytics Dashboards. Following the success of the Spring Regional Data Analysis & Facilitation User Group, a new Advanced Analytics Focus Group is being launched to collect feedback on visualization tools. Participating educators and administrators will have a direct hand in shaping future data tools to ensure regional reporting equity and accessibility.

PROVIDE LEADERSHIP, ASSISTANCE, AND RESOURCES TO ENHANCE DISTRICTS’ DATA ECOSYSTEMS IN SUPPORT OF LOCAL, REGIONAL, AND STATE PRIORITIES

As the school year winds down, we are heavily focused on end-of-year preparation, data cleaning, and transition support. Our team is actively managing error resolution and conducting Level 2 reviews to ensure everything is accurate and compliant for all recent and upcoming reporting deadlines. Additionally, we are busy prepping end-of-year grids and gathering the necessary datasets for final end-of-year verification. We are also building a new aggregate attendance process for summer school, alongside new dashboards to automate course failure reporting and streamline pupil services reviews.

The team is also in the process of gathering interested educators and administrators to participate in our collaborative Advanced Analytics Focus Group. This initiative aims to gather feedback on data visualization and dashboard tools to ensure they meet the evolving needs of school districts. Participants will have a direct impact on the development of these tools, as the focus group explores concepts of data accessibility, actionable insights, and user experience. The team will meet soon to discuss current capabilities and future enhancements, focusing on standardizing data reporting across regions and ensuring data-driven decision-making equity and accessibility. If you have any questions - or signed up to participate but didn’t get the scheduling link - please contact Alex Ackerman at 315-341-4904.

PROVIDE LEADERSHIP, ASSISTANCE, AND RESOURCES TO ENHANCE DISTRICTS’ SECURITY POSTURE IN SUPPORT OF LOCAL, REGIONAL, AND STATE PRIORITIES

The 2026 Verizon Data Breach Investigations Report, a global analysis of cyber incidents, noted that “exploitation of vulnerabilities” has officially overtaken “stolen credentials” as the leading initial access vector for data breaches. The report points to a widening "remediation gap" where organizations are struggling to keep pace with patching. Driven heavily by threat actors using automation and artificial intelligence to find software flaws much faster, the defense window has shrunk from months down to mere hours.



The CNYRIC encourages districts to review their vulnerability and patch management systems to identify any existing gaps. The following are discussion-starter questions:



Q: What is our established patching cadence for critical systems and applications, particularly those exposed to the internet or containing sensitive student/staff data? How do we ensure timely remediation of vulnerabilities, especially those identified as “high” or “critical” severity?

Q: Beyond automated scanning, what manual or third-party assessments (e.g., penetration testing, external audits) do we conduct to identify vulnerabilities that automated tools might miss? How frequently are these conducted, and how are their findings integrated into our overall vulnerability management strategy?

Q: How do we track and report on our progress in reducing the overall attack surface and vulnerability exposure? What metrics can we use to demonstrate the effectiveness of our vulnerability management efforts to the school board and other stakeholders?

Q: What resources (budget, staffing, training) are needed to mature our vulnerability management program further in alignment with evolving threats? Are there any significant gaps or challenges we face in consistently identifying and remediating vulnerabilities across our diverse school environment?

PROVIDE LEADERSHIP, ASSISTANCE, AND RESOURCES TO ENHANCE DISTRICTS’ TECHNOLOGY ECOSYSTEMS IN SUPPORT OF LOCAL, REGIONAL, AND STATE PRIORITIES

A strong Business Continuity Plan is critical for K-12 operational continuity, especially when facing major infrastructure disruptions like a power outage, network/internet failure, or telecommunications failure. These plans ensure that essential services such as teaching, student safety, food services, transportation, and administration can continue running, or quickly return to normal. To help districts along these lines, the CNYRIC has been sharing a  Business Impact Analysis for Cabinet template. This document will help facilitate discussions at the district administration level around critical systems.