Elementary and secondary schools would receive dedicated cyber security support from the Department of Homeland Security (DHS) under newly proposed bipartisan legislation.
The K-12 Cybersecurity Act will require the DHS to create a list of cybersecurity recommendations and resources to help school fortify their servers and networks against hackers. The law would also require the DHS to examine the overall cyber risks schools must temper. The proposed legislation is badly needed in that school districts are proving to be easy money for hackers. A great deal of personal data is in play and schools may not have strong technology teams, leaving them vulnerable to attackers. Some recent attacks:
- Livingston Public Schools (NJ): Experienced a ransomware attack that compromised its servers and forced class delays.
- San Bernardino City Unified School District (CA): Found ransomware used to lock access to district files.
- Flagstaff (AZ) Unified School District: Cyber attack closed 15 schools for two days.
- Rockville Centre (NY) School District: Paid nearly $100,000 to restore its data after cyber criminals used ransomware to encrypt files across its servers.
Here’s what the Bill does:
- Directs DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to work with other federal departments and private sector organizations to complete a study of cybersecurity risks specific to K-12 educational institutions, including risks related to sensitive student and employee records.
- Directs CISA to develop cybersecurity recommendations and an online toolkit to help schools improve their cybersecurity systems. The tools would be made available on the DHS website with other DHS school safety information.
Sens. Gary Peters (D-MI), the top Democrat on the Senate Homeland Security and Governmental Affairs Committee, and Rick Scott (R-FL), a member of the Committee, are sponsoring the legislation. While schools are “entrusted with safeguarding the personal data of their students and faculty,” many are ill-equipped to do so, Peters said. The measure will help schools to “protect themselves from hackers looking to take advantage of our nation’s cybersecurity vulnerabilities,” according to Peters.
Scott said “the safety of our schools is always my top priority, and that includes protecting the information of our students and teachers. I’m proud to sponsor the K-12 Cybersecurity Act of 2019 to further protect our schools, students and educators, and give them the resources they need to stay safe.”
The Bill has landed support from a number of education groups, including the National Education Association, the American Federation of Teachers, the National Association of Secondary School Principals and the Consortium for School Networking.
Earlier this year, legislation introduced in the House, the State and Local Government Cybersecurity Improvement Act sponsored by Rep. John Katko (R-NY), would require DHS to create a set of guidelines to help state and local governments prepare for a cyberattack.
Cybersecurity is not the education industry’s strong point. A study last year by SecurityScorecard, a risk analysis firm, found that even though hackers have become increasingly clever at stealing school and student data, the education industry has not yet improved its ability to deal with cybersecurity threats.