The Biden administration is launching a new initiative to help strengthen the cybersecurity of K-12 schools, the White House announced on Aug. 7.
The Education Department will establish a “government coordinating council” that will facilitate formal collaboration between all levels of government and school districts to host training activities, recommend policies, and communicate best practices to ensure schools are prepared to respond to and recover from cybersecurity threats and attacks.
“Just as we expect everyone in a school system to plan and prepare for physical risks, we must now also ensure everyone helps plan and prepare for digital risks in our schools and classrooms,” Education Secretary Miguel Cardona said in a written statement. “The Department of Education has listened to the field about the importance of K-12 cybersecurity, and today we are coming together to recognize this and indicate our next steps.”
The announcement comes as schools have become the leading target for cybercriminals and as some experts worry about how artificial intelligence could make cyberattacks more frequent and sophisticated.
The K12 Security Information Exchange, a nonprofit focused on helping schools prevent cyberattacks, estimates that there have been more than 1,330 publicly disclosed attacks since 2016, when the organization first began tracking these incidents. Hackers have targeted districts of all sizes, including Los Angeles Unified, the nation’s second largest.
In the 2022-23 academic year alone, at least eight K-12 school districts in the United States were impacted by significant cyberattacks, according to the White House. Four of those attacks led schools to cancel classes or close their operations completely for several days. Cyber criminals have also stolen sensitive personal information of students and employees, as well as sensitive information about school security systems.
The loss of learning time after a cyberattack ranged from three days to three weeks, and recovery time from the attack can take anywhere from two to nine months, according to a 2022 U.S. Government Accountability Office report. School districts have also lost between $50,000 to $1 million per cyberattack, the report found.
Along with the Government Coordinating Council, the federal Cybersecurity and Infrastructure Security Agency will be providing tailored assessments and cybersecurity training and exercises for K-12 schools this school year. The Federal Bureau of Investigation and the National Guard Bureau are also releasing updated resource guides so state governments and education officials know how to report cybersecurity incidents and can leverage the federal government’s cyber defense capabilities.
Some education technology companies are making commitments to provide free or low-cost cybersecurity training resources to school districts:
- PowerSchool, a K-12 software provider, will provide free and subsidized “security-as-a-service” courses, training, and resources to all U.S. schools.
- D2L, a learning platform company, will provide some free resources for cybersecurity training.
- Cloudflare will offer free cybersecurity solutions to smaller public school districts (those with 2,500 students or less).
- Amazon Web Services will provide $20 million for a K-12 cyber grant program, free security training for K-12 IT staff, and free cyber incident response assistance.
- Google released an updated guidebook for schools to ensure the security of their Google hardware and software applications.
The U.S. Department of Education and CISA also released on Aug. 7 the K-12 Digital Infrastructure Brief: Defensible & Resilient, which provides recommendations and best practices for identifying, protecting, detecting, responding, and recovering from cyber threats or attacks. The Education Department also released two other briefs that provide best practices for ensuring schools’ digital infrastructure is “future-proof” and “interoperable.”
As part of the federal government’s response, the Federal Communications Commission last month also proposed a pilot program that would provide up to $200 million in competitive grants over three years to help schools and libraries guard against cyber threats.
Cybersecurity has ranked as the No. 1 priority among K-12 technology leaders for five years in a row, according to a report released in March by the Consortium for School Networking (CoSN). But tech leaders don’t feel adequately prepared to defend their networks. For years, education groups have advocated for additional federal resources for cybersecurity.
“We appreciate the new government resources, as well as the commitment by the private industry in supporting the educational community’s battle against cyber threats,” Diane Doersch, chair of CoSN, said in a written statement.
