Amid growing ransomware attacks, the Biden-Harris Administration is announcing private commitments and new actions that will strengthen cybersecurity among schools nationwide.
The U.S. Department of Education has announced that it will establish a council to develop and coordinate policies and plans for education leaders to bolster their school security defenses. According to a press release on August 7, the White House hopes to take a critical first step in assisting school districts in their ability to not only prepare for but also respond to malicious events, threats and cyber attacks. Over the next three years, the Federal Communications Commission (FCC) will also provide up to $200 million to help increase schools’ security defenses.
According to TREBRON CEO and President Dave Peck, “Making funding available from the FCC through the E-Rate program makes a lot of sense. It is a process that schools are already familiar with and will help enable access to the cybersecurity services and tools required to defend against today’s sophisticated attackers. Of course, all of this will take time to work its way down to the point where true action is being taken on the front lines. In the meantime, there are many effective, low cost steps that schools can take to bolster their cybersecurity posture now.”
The newly announced initiatives allow the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to work with schools to implement an online toolkit and recommendations that can help educational institutions boost their security – from navigating security challenges associated with online learning to securing student data.
Overall, the Administration aims to secure the necessary resources to increase cybersecurity services across the nation’s school districts. However, the most recent announcement includes a private-sector effort and a more holistic approach from the federal government. AWS, PowerSchool, Cloudflare, D2L, Google and other education technology providers will provide low-cost or free cybersecurity resources, while CISA will provide security training, exercises and assessments for 300 K-12 institutions in the 2023-24 academic year. An updated resource guide released by the National Guard Bureau and the Federal Bureau of Investigation will ensure education and state government officials understand how to report incidents in order to leverage the government’s defense capabilities.
The announcement comes after an increase in cyberattacks that have targeted U.S. schools in recent years. Not only have these attacks disrupted operations, but they have also negatively impacted students as well as their teachers, administrators and families and caused significant recovery times and monetary losses. Since school districts are in possession of confidential personal data of their students and staff, including grades, addresses, sensitive medical information, interactions with law enforcement and more, school districts are a prime target for malicious attacks.
“In my experience, most school districts are aware of the risks and want to improve their approach to cybersecurity, but simply don’t know where to start, or have the resources such as money and personnel to make the necessary changes,” says Neal Richardson, cybersecurity consultant and long time K-12 IT Director. Neal, who was part of the convening at the White House, went on to acknowledge, “It’s outstanding to see this level of engagement and commitment at the Federal Government level. The steps they are taking will have a meaningful impact on the preparedness of schools across the country.”
According to the White House, in the 2022-23 academic year alone, at least eight K-12 school districts were victims of significant cyberattacks with four of these districts having to cancel classes or shut down operations completely. In addition, a 2022 U.S. Government Accountability report indicated that loss of learning following such an attack can range from three days to three weeks, with recovery taking up to nine months.
Although any investment in cybersecurity in school systems is a good thing, schools are often forced to make tight budget decisions regarding ways to provide better education as well as in areas such as lunch programs. What’s more, an added challenge remains of whether schools willfully disclose or confirm cyber incidents, which begs the question of whether they must be federally mandated to do so. If cyber officials are unaware or unable to track incidents, it is more difficult to fully assess the effectiveness of cybersecurity measures.
Still, the Biden-Harris Administration will continue to focus on securing our nation’s infrastructure, including providing resources to enable the more than 13,000 school districts in the U.S. to better defend and protect their students, administrators and staff against cyber attacks. Says U.S. Department of Education Secretary Miguel Cardona, “Just as we expect everyone in a school system to plan and prepare for physical risks, we must now also ensure everyone helps plan and prepare for digital risks in our schools and classrooms.”
Ready to Learn More?
At TREBRON, we understand the importance of ensuring our schools are in the best position to keep their employees, educators and students safe. If you would like to learn more about how we can help you secure your networks and give you peace of mind that you are protected in the event of a malicious event, contact us today. We look forward to hearing from you.