The Biden administration is launching a new initiative to help strengthen the cybersecurity of K-12 schools, the White House announced on Aug. 7.
The Education Department will establish a 鈥済overnment coordinating council鈥 that will facilitate formal collaboration between all levels of government and school districts to host training activities, recommend policies, and communicate best practices to ensure schools are prepared to respond to and recover from cybersecurity threats and attacks.
鈥淛ust as we expect everyone in a school system to plan and prepare for physical risks, we must now also ensure everyone helps plan and prepare for digital risks in our schools and classrooms,鈥 Education Secretary Miguel Cardona said in a written statement. 鈥淭he Department of Education has listened to the field about the importance of K-12 cybersecurity, and today we are coming together to recognize this and indicate our next steps.鈥
The announcement comes as schools have become the leading target for cybercriminals and as some experts worry about how artificial intelligence could make cyberattacks more frequent and sophisticated.
The K12 Security Information Exchange, a nonprofit focused on helping schools prevent cyberattacks, when the organization first began tracking these incidents. Hackers have targeted districts of all sizes, including Los Angeles Unified, the nation鈥檚 second largest.
In the 2022-23 academic year alone, at least eight K-12 school districts in the United States were impacted by significant cyberattacks, according to the White House. Four of those attacks led schools to cancel classes or close their operations completely for several days. Cyber criminals have also stolen sensitive personal information of students and employees, as well as sensitive information about school security systems.
The loss of learning time after a cyberattack ranged from three days to three weeks, and recovery time from the attack can take anywhere from two to nine months, according to a 2022 U.S. Government Accountability Office report. School districts have also lost between $50,000 to $1 million per cyberattack, the report found.
Along with the Government Coordinating Council, the federal Cybersecurity and Infrastructure Security Agency will be providing tailored assessments and cybersecurity training and exercises for K-12 schools this school year. The Federal Bureau of Investigation and the National Guard Bureau are also releasing updated resource guides so state governments and education officials know how to report cybersecurity incidents and can leverage the federal government鈥檚 cyber defense capabilities.
Some education technology companies are making commitments to provide free or low-cost cybersecurity training resources to school districts:
- PowerSchool, a K-12 software provider, will provide free and subsidized 鈥渟ecurity-as-a-service鈥 courses, training, and resources to all U.S. schools.
- D2L, a learning platform company, will provide some free resources for cybersecurity training.
- Cloudflare will offer free cybersecurity solutions to smaller public school districts (those with 2,500 students or less).
- Amazon Web Services will provide $20 million for a K-12 cyber grant program, free security training for K-12 IT staff, and free cyber incident response assistance.
- Google released an updated guidebook for schools to ensure the security of their Google hardware and software applications.
The U.S. Department of Education and CISA also released on Aug. 7 the , which provides recommendations and best practices for identifying, protecting, detecting, responding, and recovering from cyber threats or attacks. The Education Department also released two other briefs that provide best practices for ensuring schools鈥 digital infrastructure is 鈥溾 and 鈥.鈥
As part of the federal government鈥檚 response, the Federal Communications Commission last month also proposed a pilot program that would provide up to $200 million in competitive grants over three years to help schools and libraries guard against cyber threats.
Cybersecurity has ranked as the No. 1 priority among K-12 technology leaders for five years in a row, according to a report released in March by the Consortium for School Networking (CoSN). But tech leaders don鈥檛 feel adequately prepared to defend their networks. For years, education groups have advocated for additional federal resources for cybersecurity.
鈥淲e appreciate the new government resources, as well as the commitment by the private industry in supporting the educational community鈥檚 battle against cyber threats,鈥 Diane Doersch, chair of CoSN, said in a written statement.
