Wednesday, June 12 2024

Cyberattacks on K-12 schools are on the rise, but the White House hopes to change that with a new initiative. Strategic measures recently outlined by the Biden administration are aimed at bolstering the cybersecurity of schools, with action from the Federal Communications Commission (FCC), the Department of Education, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the private sector.

The new measures come after a December 2022 Government Accountability Office (GAO) report which highlighted that 647,000 students were impacted by ransomware attacks in 2021. It noted the prevalence of phishing events, distributed denial-of-service attacks, and video conferencing disruptions as well. According to the report, schools revealed that cyber incidents can cost $50,000 to $1 million in expenses. Likewise, a report from CISA earlier this year called for school officials to prioritize cybersecurity risk management, build relationships with CISA and the FBI, and utilize information sharing forums.

The White House announcement noted that at least eight school districts were impacted by significant cyberattacks during the 2022-2023 academic year, with four resulting in class cancellations or school closures. Other incidents affected education institutions as well. The MOVEit attack in May infiltrated the Minnesota Department of Education, exposing the names of about 95,000 students and other personal information. A similar story played out at the New York City Department of Education: approximately 45,000 students were impacted, in addition to staff and related service providers.

The first of the White House’s measures, originally announced by FCC chairwoman Jessica Rosenworcel in July, proposes a pilot program for cybersecurity investment in schools and libraries. Managed through the Universal Service Fund, the program would provide up to $200 million over three years. This move would require a vote of the commission, and the full details of the proposal would be released upon adoption.

The pilot program marks a second cybersecurity proposal from the FCC in July. A few days later, the commission announced a cybersecurity certification and labeling program in which consumers would see a “U.S. Cyber Trust Mark” shield logo applied to smart products meeting security criteria established by the National Institute of Standards and Technology (NIST).

The announcement also drew attention to a newly released infrastructure brief jointly published by CISA and the Department of Education. The second brief in a series of five, it aids education professionals in building and sustaining core digital learning infrastructure. Key recommendations include enabling multi-factor authentication, using strong and unique passwords, reporting phishing, and updating software. To further the goals detailed in the brief, CISA will be providing individualized assessments, facilitating exercises, and delivering cybersecurity training for 300 new schools over the next academic year.

Indeed, transforming cybersecurity education has been a key goal of the White House. Its National Cyber Workforce and Education Strategy sought to make training less costly and more widely available. Published in late July, the strategy also called for skills-based hiring practices and improved career pathways within the cybersecurity field.

The FBI is taking part in the new effort, too, with plans to release updated resource guides so that state governments and educators are clear on how to report cybersecurity incidents and receive guidance from the federal government. This aligns with the White House’s National Cybersecurity Implementation Plan, released in July. Among the 65 federal agency initiatives in support of the strategy were goals to improve government coordination during cyberattacks.  

The Department of Education will create a Government Coordinating Council that will coordinate schools’ cybersecurity policy among leaders. This will be the first step in the Department’s strategy to safeguard schools and districts from cybersecurity threats and support them in dealing with and recovering from such threats.

Finally, several companies are providing free or low-cost resources to school districts. PowerSchool, a cloud software provider for schools, is offering new free and subsidized training courses, tools, and resources to all U.S. schools and districts. D2L, an educational software suite developer, has committed to expanding the availability of cybersecurity courses. Cloudflare, an IT service management company, will offer a selection of free cybersecurity services to public school districts with fewer than 2,500 students.

Notably, Amazon Web Services (AWS) unveiled a $20 million cyber grant program in support of the White House measures. The commitment also includes plans to train IT education professionals through its digital learning center, AWS Skill Builder, which contains 40 security-related courses. Other plans include free cyber incident response assistance and security reviews of all relevant educational technologies.

The White House hosted an event, called “Back to School Safely: Cybersecurity Summit for K-12 Schools,” featuring the new agenda. It brought together key stakeholders, including First Lady Dr. Jill Biden, Secretary of Education Miguel Cardona, Secretary of Homeland Security Alejandro Mayorkas, school administrators, educators, and education technology providers from across the U.S.

“Every student deserves the opportunity to see a school counselor when they’re struggling and not worry that these conversations will be shared with the world,” Biden said. Cardona added, “We need to be taking these cyberattacks on schools as seriously as we do the physical attacks on critical infrastructure.”

