October is cybersecurity awareness month, which provides an appropriate backdrop for a new U.S. congressional bill that has just been signed into law. The K-12 Cybersecurity Act of 2021 will direct the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, to study cybersecurity risks faced by elementary and secondary schools in the U.S.
CISA now has 120 days to complete this study and 60 additional days to provide cybersecurity recommendations that can help secure K-12 schools across the country.
Why is K-12 Cybersecurity a Focus Right Now?
Any large institution that serves a sizable population is vulnerable to cyber attacks. Schools and school districts hold sensitive data about huge numbers of students—this data often extends retroactively to include anyone who was a student in the past decade or more. The new cybersecurity act specifically cites the importance of safeguarding data like medical records, family history, and academic achievement.
K12 SIX, a nonprofit dedicated to information security in schools, found that cybersecurity attacks on K-12 schools reached a record high in 2020. In total, 408 incidents of cyber attacks were reported. 36% of these attacks involved data breaches, 12% used ransomware, 5% affected a denial of service attack, 2% involved phishing, and the other 45% were some other type of attack, including breaches of virtual classrooms.
The K12 SIX report also found that ransomware attacks, specifically, have become more severe. These attaches have hit some of the largest school districts in the country, including Broward County Public Schools, which serves nearly 300,000 students.
As classrooms become more technologically advanced, and new technologies are adopted in response to the Covid-19 pandemic, schools must learn to scale up their cybersecurity efforts to keep pace.
What’s Next?
We’ll be awaiting CISA’s findings and recommendations to see what’s next for the country’s public schools. The agency is expected to present these to Congress in four and six months, respectively. In the meantime, governments are already taking action on a local level. Earlier this month, Arizona launched a new Cyber Command Center to improve cybersecurity across public and private institutions in the state. CISA also maintains a robust online resource hub that organizations can leverage to assess and improve their cybersecurity.
Do you want to help implement cybersecurity protections throughout the country? You can learn more about cybersecurity and find cybersecurity training bootcamps on our cybersecurity main page.
