Security News > 2021 > January > Showering malware-laced laptops on UK schools is the wrong way to teach them about cybersecurity
By distributing malware-ridden laptops to the most vulnerable and needy schoolkids, the Department for Education is guilty of an astonishing breach of responsibility.
It turns out that "We want to run our software on your kids phones and teach them cybersecurity through surprising stuff" is a fun thing to say to educators, governments, and funding bodies.
Who generates the image? Who checks it, and how? What tests are in place? How do you establish a secure supply chain? How are the laptops commissioned before being passed to the children? Who's responsible for ongoing security?
Back to the malwared laptops - what in Hades were they thinking? The story is developing so we don't yet know who was responsible for generating the image for the laptops and checking that it was correctly and securely installed.
My guess is that nobody thought to specify this - contracts went out saying "Windows 10 laptops with X, Y and Z" to resellers, resellers found suppliers, laptops were dispatched from the factory and sent on to the schools that unopened packaging.
It's far worse if you're the government department not only responsible for cybersecurity in schools but also the one sending out the kit that you insist people use.