Dive Brief:
- As cyberattacks against school districts remain a serious threat, the Federal Communications Commission needs to coordinate with other federal agencies to step up K-12 cybersecurity, wrote U.S. Rep. Doris Matsui, D-California, in a Dec. 8 letter to FCC Chairwoman Jessica Rosenworcel.
- Matsui said the FCC needs to “reevaluate its abilities and limitations” to combat cybersecurity threats in schools. To ensure a coordinated approach at the top, she said it’s critical the FCC regularly work with other federal agencies to help protect schools.
- Schools and districts are struggling with their limited resources “to keep up cybercriminals that employ rapidly evolving tactics to steal sensitive data, disrupt learning, and threaten school safety,” Matsui said. Additionally, she cited nonprofit K12 Security Information Exchange’s finding that ransomware attacks were the most common type of cyber incident schools experienced in 2021.
Dive Insight:
Matsui's plea to the FCC comes after the U.S. Government Accountability Office recently pointed out a lack of federal agency cooperation on K-12 cybersecurity. The watchdog agency in October wrote that the U.S. Department of Education and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency “have little to no interaction with other agencies and the K-12 community” over cybersecurity in schools.
The FCC’s E-rate program, which provides significant discounts for school internet connections and telecommunications infrastructure, covers basic firewall services. “Though these basic firewalls may be productive in preventing some of the most routine and unsophisticated cyber threats, they fall far short of adequately addressing the threat landscape schools face today,” Matsui wrote.
In a recent survey of 2,085 E-rate applicants from schools and libraries, an overwhelming 98% said they want network security included in the FCC program. That survey was released in October by consulting firm Funds For Learning.
Additionally, a November letter from five companies, including Microsoft and Cisco, urged the FCC to add advanced firewalls to its E-rate program, as recommended by Funds For Learning. The annual cap on this cybersecurity expense should be $60 million, the letter suggested.
The companies further called for increased collaboration between the Education Department, FBI and CISA to “help develop a long-term strategy for ensuring our schools and libraries can protect themselves in an ever-evolving cyber threat landscape.”
Meanwhile, K-12 schools continue to be a notable target for malicious cyberattacks, according to the Multi-State Information Sharing and Analysis Center.
The MS-ISAC report found schools are typically under-resourced and unprepared to handle major cyberattacks. In fact, the report said the average school spends just 8% of its IT budget on cybersecurity.
CISA also announced in November that K-12 schools would be among its priority sectors, along with water and hospitals, in 2023.
