Wednesday, April 17 2024

Cyberattacks on K-12 schools are on the rise, but the White House hopes to change that with a new initiative. Strategic measures recently outlined by the Biden administration are aimed at bolstering the cybersecurity of schools, with action from the Federal Communications Commission (FCC), the Department of Education, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the private sector.

The new measures come after a December 2022 Government Accountability Office (GAO) report which highlighted that 647,000 students were impacted by ransomware attacks in 2021. It noted the prevalence of phishing events, distributed denial-of-service attacks, and video conferencing disruptions as well. According to the report, schools revealed that cyber incidents can cost $50,000 to $1 million in expenses. Likewise, a report from CISA earlier this year called for school officials to prioritize cybersecurity risk management, build relationships with CISA and the FBI, and utilize information sharing forums.

The White House announcement noted that at least eight school districts were impacted by significant cyberattacks during the 2022-2023 academic year, with four resulting in class cancellations or school closures. Other incidents affected education institutions as well. The MOVEit attack in May infiltrated the Minnesota Department of Education, exposing the names of about 95,000 students and other personal information. A similar story played out at the New York City Department of Education: approximately 45,000 students were impacted, in addition to staff and related service providers.

The first of the White House’s measures, originally announced by FCC chairwoman Jessica Rosenworcel in July, proposes a pilot program for cybersecurity investment in schools and libraries. Managed through the Universal Service Fund, the program would provide up to $200 million over three years. This move would require a vote of the commission, and the full details of the proposal would be released upon adoption.

The pilot program marks a second cybersecurity proposal from the FCC in July. A few days later, the commission announced a cybersecurity certification and labeling program in which consumers would see a “U.S. Cyber Trust Mark” shield logo applied to smart products meeting security criteria established by the National Institute of Standards and Technology (NIST).

The announcement also drew attention to a newly released infrastructure brief jointly published by CISA and the Department of Education. The second brief in a series of five, it aids education professionals in building and sustaining core digital learning infrastructure. Key recommendations include enabling multi-factor authentication, using strong and unique passwords, reporting phishing, and updating software. To further the goals detailed in the brief, CISA will be providing individualized assessments, facilitating exercises, and delivering cybersecurity training for 300 new schools over the next academic year.

Indeed, transforming cybersecurity education has been a key goal of the White House. Its National Cyber Workforce and Education Strategy sought to make training less costly and more widely available. Published in late July, the strategy also called for skills-based hiring practices and improved career pathways within the cybersecurity field.

The FBI is taking part in the new effort, too, with plans to release updated resource guides so that state governments and educators are clear on how to report cybersecurity incidents and receive guidance from the federal government. This aligns with the White House’s National Cybersecurity Implementation Plan, released in July. Among the 65 federal agency initiatives in support of the strategy were goals to improve government coordination during cyberattacks.  

The Department of Education will create a Government Coordinating Council that will coordinate schools’ cybersecurity policy among leaders. This will be the first step in the Department’s strategy to safeguard schools and districts from cybersecurity threats and support them in dealing with and recovering from such threats.

Finally, several companies are providing free or low-cost resources to school districts. Cloud software provider for schools PowerSchool is offering new free and subsidized training courses, tools, and resources to all U.S. schools and districts. D2L, an educational software suite developer, has made a commitment to expanding availability of cybersecurity courses. Cloudfare, an IT service management company, will offer a selection of free cybersecurity services to public school districts under 2,500 students.

Notably, Amazon Web Services (AWS) unveiled a $20 million cyber grant program in support of the White House measures. The commitment also includes plans to train IT education professionals through its digital learning center, AWS Skill Builder, which contains 40 security-related courses. Other plans include free cyber incident response assistance and security reviews of all relevant educational technologies.

The White House hosted an event, called “Back to School Safely: Cybersecurity Summit for K-12 Schools,” featuring the new agenda. It brought together key stakeholders, including First Lady Dr. Jill Biden, Secretary of Education Miguel Cardona, Secretary of Homeland Security Alejandro Mayorkas, school administrators, educators, and education technology providers from across the U.S.

“Every student deserves the opportunity to see a school counselor when they’re struggling and not worry that these conversations will be shared with the world,” Biden said. Cardona added, “We need to be taking these cyberattacks on schools as seriously as we do the physical attacks on critical infrastructure.”


Buguard Secures $500K Seed Funding


Sweet Security Lands $12M in Seed Funding

Check Also


Don’t Miss

The words Endpoint Detection and Response (EDR) on a green background with lines on the right side of the image

Best Endpoint Detection & Response Platforms

Lara Oporto

Endpoint Detection & Response platforms continuously monitor endpoints for signs of malicious activities, such as unauthorized access or unusual behavior, enabling rapid detection and response to potential cyber threats to safeguard organizational assets. What is Endpoint Detection and Response and how does it work? Endpoint Detection and Response (EDR) is a cornerstone in modern cybersecurity […]

AT&T AlienVault Products Review: OSSIM vs USM

Ellie Buscemi

AlienVault is now the technological basis for AT&T AlienLabs and provides multiple products for different companies’ cybersecurity needs. What AT&T AlienVault Products are Available? In December 2021, CISOstack reported that AT&T intended to acquire AlienVault to expand its cybersecurity offerings to more businesses. Two years later, AlienVault-based offerings make up a large portion of AT&T’s […]

Photo by Simon Kadula on Unsplash.

Navigating Manufacturing IIoT Cybersecurity Challenges

John Powers

Guarding the Gears: Government policy and industry collaboration to mitigate cyberthreats to manufacturers. The smart factory is on the rise. Production lines equipped with advanced sensors can monitor equipment health in real-time and predict potential issues before they disrupt operations. Temperature and humidity sensors can ensure the optimal environment for delicate manufacturing processes. RFID-enabled asset […]

Best Microsegmentation Software

Ellie Buscemi

Microsegmentation allows a company to divide digital assets into smaller, more secure groups, which makes it harder for cybercriminals to take over a company’s data center. What is Microsegmentation? Microsegmentation refers to cyber professionals building layers of cybersecurity protection between groups of digital assets or individual cyber assets. Adding these layers inside instead of only […]

Best Breach and Attack Simulation Platforms

Ellie Buscemi

Breach and attack simulation (BAS) platforms allow companies to see weaknesses in their cyber infrastructures before a malicious hacker can exploit them. What Is BAS – Breach and Attack Simulation? Breach and attack simulation (BAS) is an approach to cybersecurity that uses advanced tools to imitate the attacks used by cybercriminals on companies’ digital infrastructure. […]

Ofer Ben-Noon and Ohad Bobrov

Palo Alto Networks to Acquire Talon

Ellie Buscemi

On Monday, Palo Alto Networks agreed to acquire Israeli startup Talon Cyber Security, an enterprise browser platform. The deal values Talon at between $600 to $700 million, according to The Information. Palo Alto will integrate Talon’s enterprise browser solution into its Prisma SASE product. The acquisition comes among a wave of acquisitions and releases involving […]