Faced with increasing cyberattacks on K-12 schools, the Biden-Harris administration today unveiled several government actions to help bolster their cyber defenses, along with numerous commitments from private-sector organizations that aim for the same result.
Over the past academic year, the White House has documented at least eight K-12 school districts across the nation impacted by significant cyberattacks. Depending on the severity of the attack, lost school days from those exploits could range anywhere from three days to three weeks, and recovery time could take anywhere from two to nine months, according to a December 2022 report from the Government Accountability Office (GAO).
Those breaches also led to monetary losses from $50,000 to $1 million, in addition to leaks of sensitive information about school security systems, and personal data on students and school employees.
“Not only have these attacks disrupted school operations, but they also have impacted students, their families, teachers, and administrators,” the White House stated in a release.
Topping the list of new steps announced today is a plan from the Education Department to establish a Government Coordinating Council (GCC) that will coordinate activities, policies, and communications between Federal, state, local, tribal, and territorial education leaders to strengthen the cyber defenses and resilience of K-12 schools.
According to the White House, creation of the GCC is the Education Department’s first step in protecting schools and districts from cybersecurity threats as well as supporting districts in their preparation, response, and recovery steps from cybersecurity attacks.
“Just as we expect everyone in a school system to plan and prepare for physical risks, we must now also ensure everyone helps plan and prepare for digital risks in our schools and classrooms. The Department of Education has listened to the field about the importance of K-12 cybersecurity, and today we are coming together to recognize this and indicate our next steps,” Education Secretary Miguel Cardona said in a statement.
The Education Department also announced that in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA) it released the K-12 Digital Infrastructure Brief: Defensible & Resilient – the second in a series of guidance documents to assist educational leaders in building and sustaining core digital infrastructure for learning.
“The product released today from the Department of Education and CISA provides K-12 school districts across our communities a starting place to understand the importance of securing our digital infrastructure and provides steps schools can take today to keep their systems safe,” CISA Director Jen Easterly said in a statement.
CISA, along with other Federal agencies, has also committed to providing K-12 schools with additional resources to educate K-12 administrators with the best cybersecurity practices.
The White House also pointed today to a pilot program recently proposed by Federal Communications Commission Chairwoman Jessica Rosenworcel to provide through the
Universal Service Fund up to $200 million over three years to strengthen cyber defenses in K-12 schools and libraries, in tandem with other Federal agencies that have deep expertise in cybersecurity.
The White House also announced that several private education technology providers are committing to providing free and low-cost resources to school districts, including:
- Amazon Web Services is committing $20 million for a K-12 cyber grant program;
- Cloudflare will offer a suite of free zero trust cybersecurity solutions to public school districts under 2,500 students;
- Google released an updated “K-12 Cybersecurity Guidebook” for schools on the most effective and impactful steps education systems can take to ensure the security of their Google hardware and software applications;
- PowerSchool will provide new free and subsidized “security as a service” courses, training, tools, and resources to all U.S. schools and districts; and
- D2L is committing to providing access to new cybersecurity courses in collaboration with trusted third parties.