Dive Brief:
-
The federal government on Monday released guidance documents and announced other public and private initiatives to strengthen K-12 cyber defenses, in advance of a White House meeting on the topic to be held later in the day.
-
The White House and the departments of Education and Homeland Security said they would establish a government coordinating council to organize cybersecurity activities and communications. This collaboration among federal, state and local leaders aims to bolster protections against and responses for cyberattacks.
-
According to the White House, at least eight school districts were victims of major cyberattacks in the 2022-23 school year, with four of those districts having to cancel classes or close temporarily, which included the theft of sensitive student information.
Dive Insight:
Monday's announcement and the scheduled follow-up White House event are notable for their focus on K-12 education in the battle against cyber threats. The agencies and the White House emphasized that K-12's technology infrastructure must be a priority in the same way efforts are made to protect schools' physical infrastructures.
"Just as we expect everyone in a school system to plan and prepare for physical risks, we must now also ensure everyone helps plan and prepare for digital risks in our schools and classrooms," said U.S. Education Secretary Miguel Cardona, in a statement.
Cardona is to join First Lady Jill Biden, Secretary of Homeland Security Alejandro Mayorkas, school administrators, educators and leaders of private companies at the White House late Monday afternoon to discuss best practices and the newly announced resources.
A 2022 U.S. Government Accountability Office report said ransomware attacks impacted more than 2.6 million students between 2018 and 2021. The GAO report recommended federal agencies improve their coordination on K-12 cybersecurity to help schools address risks and threats.
In a Sunday press call, Anne Neuberger, deputy national security advisor for cyber and emerging technology, said to prevent cyberattacks schools need cyber defense and response information, funding and skilled personnel.
Cindy Marten, deputy secretary of the Education Department, said K-12 faces unique cyber challenges in this digital age. "Schools must protect sensitive student data, prevent cyber threats and ensure that digital learning resources remain accessible and also secure," Marten said during the call.
The new initiatives include:
-
A proposed pilot program that would provide up to $200 million over three years through the Universal Service Fund to increase cyber defenses at schools and libraries in coordination with federal agencies that have expertise in cybersecurity. The proposal needs the approval of commissioners with the Federal Communications Commission.
-
The Education Department's creation of a government coordinating council to organize information about preparing for, responding to and recovering from cyber threats and attacks.
-
A guidance document specifically for K-12 that education leaders can reference to help mitigate vulnerabilities, manage third-party vendors, create cybersecurity governance, provide basic cybersecurity training and conduct other activities.
-
Updated guidance from the FBI and the National Guard Bureau on how school systems can report cybersecurity incidents and get support from federal cyber defense programs.
-
Cybersecurity training conducted by the Cybersecurity and Infrastructure Security Agency for 300 K-12 systems over the next school year.
-
Efforts from private corporations, such as Amazon Web Services, Cloudflare, Google, PowerSchool and D2L, to provide schools with cyber solutions, including some no-cost options.
