Ransomware (a type of malicious software designed to block access to a computer system or encrypt files until a sum of money, or ransom, is paid) has emerged as one of the most pervasive and damaging cyber threats in recent years, posing significant risks to businesses and critical infrastructure worldwide. And unfortunately, schools are getting hit hard.
The impact of ransomware attacks on schools can be devastating. Victims may experience data loss, operational disruptions, financial losses, reputational damage, and legal liabilities. In the last few years, we’ve seen complex ransomware attacks expose sensitive personal information from students and even completely shut down schools.
In the United States, schools need to do a lot with a little when it comes to budgets and resources; becoming full time defenders of cyber attacks can feel like a lot to ask from organizations that can barely afford operational supplies.
While things like applying for grants, tapping the local community, and security awareness training can help, some recent initiatives from the US Department of Education (ED), Federal Communications Commission (FCC), and Cybersecurity and Infrastructure Security Agency (CISA) are determined to improve cybersecurity for K12 schools across the nation.
In this post, we’ll take a look at some of the ways the federal government is attempting to assist schools dealing with waves of cyber attacks. And whatever your political leanings, one thing most Americans can agree upon is that schools (and our children) need help with this issue, and fast.
In January 2023, the ED and CISA released a report designed to improve systems and protect schools from cyber threats.
The report, “Protecting Our Future,” centered around three key findings:
Maybe none of these findings seem groundbreaking, but they do recognize the problem schools are facing today, which hopefully can build momentum for greater protection.
Among the report’s recommendations for schools:
Some of these recommendations are easier said than done. For instance, of course you want to encourage technology providers to include security features as standard without extra costs sounds good, but what incentives do those providers have to do that? Perhaps the government could come up with such incentives, and maybe they will soon.
In the meantime, schools should consider security solutions that they can customize for themselves, instead of getting stuck with a bunch of bloated, confusing, expensive tools.
Right around back-to-school time in 2023, the White House hosted a group of school superintendents, educators and education technology vendors, and announced some new strategies to combat cyber attacks on schools.
Among measures announced at the summit: CISA would step up security assessments for the K12 schools while tech providers like Amazon Web Services, Google, and Cloudflare, offer grants and other support.
Additionally, a pilot proposed by the Federal Communications Commission pledged to make $200 million available over three years to strengthen cyber defense in schools and libraries.
Due to the limited amount of funding available through the FCC’s pilot program, only a small number of schools will be accepted, and a window to apply has not yet been announced, but is expected this summer.
A second cybersecurity summit, 2023 National Summit on K12 School Safety and Security, was held in November. At that summit, leaders again focused on resources that are available to schools, and educational materials that can help bolster their defenses.
The momentum from the 2023 efforts continued into the new year. That’s because, in March 2024, the ED and CISA once again teamed up to establish a council focused on enhancing cybersecurity in K12 schools. The council aims to address the growing threats and challenges faced by schools in protecting their digital infrastructure and sensitive data.
The new council underscores the recognition of cybersecurity as a critical priority in education and highlights the importance of collaboration between government agencies and educational institutions (including federal, state, tribal, and local governments) to address this pressing issue.
CISA’s Director, Jen Easterly, shared in a public statement: “The importance of protecting our schools, students, and educators from cyber threats cannot be overstated. I’m very proud of the work the Department of Education and CISA are doing in this critical area, working collaboratively with the K12 community.”
This initiative emphasizes the need for collaborative efforts and strategic partnerships to bolster cybersecurity measures in K12 schools across the country. Additionally, the council will seek to address cybersecurity challenges, promote information sharing, and provide resources and support to ensure the safety and security of school systems.
We’ll have to stay tuned to see what sort of new work comes from this council, but it’s definitely a step in the right direction and is demonstrating the government understands the importance of these issues. Hopefully, at least by the new school year, we’ll have some more updates.
*** This is a Security Bloggers Network syndicated blog from Blog – Coro Cybersecurity authored by Kevin Smith. Read the original post at: https://www.coro.net/blog/edu/how-momentum-is-building-for-the-us-government-to-play-a-larger-role-in-protecting-k12-schools-from-cyberattacks