Dive Brief:

• A bipartisan group of state legislators has proposed a $45 million bill to fund a K-12 cybersecurity program in New Mexico, just weeks after a ransomware attack forced Albuquerque Public Schools, the largest district in the state, to close for two days in mid-January.
• The bill would fund three full-time employees and the development of a cybersecurity program for the state’s education technology infrastructure during fiscal years 2023 through 2026. The program would include cybersecurity insurance support, training for employees and students, and creation of a response and recovery plan.
• Bill co-sponsor state Rep. Rebecca Dow gave the bill little chance of passing as is, so she’s working in the meantime on securing $9.5 million for cybersecurity within the FY23 state appropriations bill. 

Dive Insight:

The proposal is significant because of the sizable amount of money it wants to dedicate to helping schools implement necessary changes for K-12 cybersecurity infrastructure.

In fact, the proposed $45 million over four years would be the most earmarked to date for a state’s school cybersecurity efforts from one state or federal government agency, said Doug Levin, national director of K12 Security Information Exchange, a nonprofit focused on helping prevent cyberattacks in school districts. 

“It wouldn’t be the first time legislation like this is proposed and did not end up getting enacted,” Levin said. “What makes the New Mexico legislative proposal unique is the amount of money that the legislature is looking to devote to helping schools increase their cybersecurity risk management practices.”

But Levin said he would be surprised if New Mexico was the last state to propose a large amount of funding toward K-12 cyber defense, adding he expects other states to follow in New Mexico’s footsteps. 

“It’s no mistake New Mexico is considering this legislation soon after the largest school district in the state was shut down because of a ransomware incident, and I think that’s opening people’s eyes to what is an emerging trend,” Levin said.

This legislative session marks the third year in a row a state cybersecurity task force has urged New Mexico legislators for funding toward cyber defense, Dow said. She said she “fully expected” this year to be the one where K-12 cybersecurity funding makes it into the state budget since there’s a surplus. 

Because cybersecurity was not included in the state budget, Dow asked for $1.5 million to be included now and hopes to raise that proposal to $9.5 million before the legislative session ends Thursday. 

“It’s absolutely urgent” to fund K-12 cybersecurity infrastructure improvements sooner rather than later, Dow said.

“We’ve had too much learning loss,” Dow said. “Our dollars need to be spent directly in the classroom improving student outcomes, not paying ransoms.”

Individual school districts, especially rural ones, can’t afford to pay for the initial software and infrastructure needed to provide cyber protection, she said. 

“This is more than just for access to their learning, people are accessing private data, private information, and that needs to end,” Dow said.

At the federal level, Congress in October passed the K-12 Cybersecurity Act, which mandates that the Cybersecurity and Infrastructure Security Agency report on the impact of cyberattacks on schools. The Infrastructure Investment and Jobs Act, enacted in November, provides $1 billion in federal grants to improve state and local government cybersecurity between 2022 and 2025, but states have to submit a plan to CISA under certain parameters. 

While that federal funding for cybersecurity is available to districts, it’s not easily accessible, Eric Lankford, regional director of K12 SIX, previously told K-12 Dive.

“That’s one source of funding. Is it guaranteed? Is it going to be very much? No,” Lankford said.