Thursday, September 28 2023

Cyberattacks on K-12 schools are on the rise, but the White House hopes to change that with a new initiative. Strategic measures recently outlined by the Biden administration are aimed at bolstering the cybersecurity of schools, with action from the Federal Communications Commission (FCC), the Department of Education, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the private sector.

The new measures come after a December 2022 Government Accountability Office (GAO) report which highlighted that 647,000 students were impacted by ransomware attacks in 2021. It noted the prevalence of phishing events, distributed denial-of-service attacks, and video conferencing disruptions as well. According to the report, schools revealed that cyber incidents can cost $50,000 to $1 million in expenses. Likewise, a report from CISA earlier this year called for school officials to prioritize cybersecurity risk management, build relationships with CISA and the FBI, and utilize information sharing forums.

The White House announcement noted that at least eight school districts were impacted by significant cyberattacks during the 2022-2023 academic year, with four resulting in class cancellations or school closures. Other incidents affected education institutions as well. The MOVEit attack in May infiltrated the Minnesota Department of Education, exposing the names of about 95,000 students and other personal information. A similar story played out at the New York City Department of Education: approximately 45,000 students were impacted, in addition to staff and related service providers.

The first of the White House’s measures, originally announced by FCC chairwoman Jessica Rosenworcel in July, proposes a pilot program for cybersecurity investment in schools and libraries. Managed through the Universal Service Fund, the program would provide up to $200 million over three years. This move would require a vote of the commission, and the full details of the proposal would be released upon adoption.

The pilot program marks a second cybersecurity proposal from the FCC in July. A few days later, the commission announced a cybersecurity certification and labeling program in which consumers would see a “U.S. Cyber Trust Mark” shield logo applied to smart products meeting security criteria established by the National Institute of Standards and Technology (NIST).

The announcement also drew attention to a newly released infrastructure brief jointly published by CISA and the Department of Education. The second brief in a series of five, it aids education professionals in building and sustaining core digital learning infrastructure. Key recommendations include enabling multi-factor authentication, using strong and unique passwords, reporting phishing, and updating software. To further the goals detailed in the brief, CISA will be providing individualized assessments, facilitating exercises, and delivering cybersecurity training for 300 new schools over the next academic year.

Indeed, transforming cybersecurity education has been a key goal of the White House. Its National Cyber Workforce and Education Strategy sought to make training less costly and more widely available. Published in late July, the strategy also called for skills-based hiring practices and improved career pathways within the cybersecurity field.

The FBI is taking part in the new effort, too, with plans to release updated resource guides so that state governments and educators are clear on how to report cybersecurity incidents and receive guidance from the federal government. This aligns with the White House’s National Cybersecurity Implementation Plan, released in July. Among the 65 federal agency initiatives in support of the strategy were goals to improve government coordination during cyberattacks.  

The Department of Education will create a Government Coordinating Council that will coordinate schools’ cybersecurity policy among leaders. This will be the first step in the Department’s strategy to safeguard schools and districts from cybersecurity threats and support them in dealing with and recovering from such threats.

Finally, several companies are providing free or low-cost resources to school districts. Cloud software provider for schools PowerSchool is offering new free and subsidized training courses, tools, and resources to all U.S. schools and districts. D2L, an educational software suite developer, has made a commitment to expanding availability of cybersecurity courses. Cloudfare, an IT service management company, will offer a selection of free cybersecurity services to public school districts under 2,500 students.

Notably, Amazon Web Services (AWS) unveiled a $20 million cyber grant program in support of the White House measures. The commitment also includes plans to train IT education professionals through its digital learning center, AWS Skill Builder, which contains 40 security-related courses. Other plans include free cyber incident response assistance and security reviews of all relevant educational technologies.

The White House hosted an event, called “Back to School Safely: Cybersecurity Summit for K-12 Schools,” featuring the new agenda. It brought together key stakeholders, including First Lady Dr. Jill Biden, Secretary of Education Miguel Cardona, Secretary of Homeland Security Alejandro Mayorkas, school administrators, educators, and education technology providers from across the U.S.

“Every student deserves the opportunity to see a school counselor when they’re struggling and not worry that these conversations will be shared with the world,” Biden said. Cardona added, “We need to be taking these cyberattacks on schools as seriously as we do the physical attacks on critical infrastructure.”


Buguard Secures $500K Seed Funding


Sweet Security Lands $12M in Seed Funding

Check Also


Don’t Miss

Cyber Executive Moves: Expel, AXA XL

Ellie Buscemi

Expel appoints a new chief product officer, AXA XL announces a new chief executive and DataVisor appoints a new chief revenue officer. Expel, a security operations provider in Herndon, Virginia, appointed Yonni Shelmerdine as the new chief product officer on Aug. 28. Shelmerdine comes to Expel from SentinelOne where he was the vice president of Product Management, endpoint […]

Grip Security Raising $41 Million Series B Led by Third Point Ventures


SaaS security company plans to accelerate growth and extend market leadership SaaS identity risk management platform Grip Security announced a $41 million Series B funding round led by Third Point Ventures, with participation from YL Ventures, Intel Capital and The Syndicate Group. The investment would bring Grip Security’s total funding to $66 million and marks a major milestone for the […]

Partner One Acquires Key Fidelis Cybersecurity Assets


Partner One, one of the fastest growing software conglomerates in the world, has announced its acquisition of Fidelis Cybersecurity software, intellectual property, equipment, inventory and customer and reseller contracts. Fidelis software is a leader in the cybersecurity industry, with innovative eXtended Detection and Response (XDR) and Cloud Native Application Protection Platform (CNAPP). Fidelis solutions protect […]

Healthcare IoT: Risks, Policy, and the Path Forward 

John Powers

When Amazon launched as an online bookstore twenty-eight years ago, few would have imagined that patients could one day go to its website to treat their acid reflux. But times change. Amazon just expanded their virtual healthcare marketplace, Amazon Clinic. Across the U.S., customers can now consult with clinicians through virtual calls and get treatment […]

NIST Updates Cybersecurity Framework in New Draft, Seeks Public Comment

John Powers

The National Institute of Standards and Technology updated their cybersecurity framework for the third time in a new draft. The new framework offers guidance to organizations about reducing cybersecurity risks. It contains a set of outcomes so that any organization can evaluate, prioritize, grasp, and communicate its cybersecurity measures in an effective way. The draft […]

N.Y. Gov. Debuts Premier State Cybersecurity Strategy

John Powers

Governor Kathy Hochul (D-NY) recently introduced New York’s first cybersecurity strategy. The 15-page document lays out a blueprint to expand services to aid under-resourced entities and clarifies agency responsibilities. It provides $500 million to strengthen New York’s healthcare information technology and $7.4 million to expand the New York State Police’s Cyber Analysis Unit, Computer Crimes […]