69ý

IT Infrastructure & Management

Ed-Tech Companies Are Vulnerable to Cyberattacks. A New Federal Effort Wants to Help

By Alyson Klein — May 02, 2024 4 min read
Image of lock on binary code background.
  • Save to favorites
  • Print
Email Copy URL

The U.S. Department of Education is teaming up with the University of California at Berkeley’s Center for Long-Term Cybersecurity on an initiative to improve collaboration between schools’ education technology vendors and cybersecurity experts.

The goal: To stem the tidal wave of attacks on districts, which increasingly originate from the platforms, applications, and other technology schools use for teaching, learning, operations, and more.

The initiative—known as the Partnership for Advancing Cybersecurity in Education, or PACE—will hold a summit in October bringing together cybersecurity experts and ed-tech vendors.

“By uniting the expertise of cybersecurity professionals with the innovation of key ed-tech vendors, we can help proactively address cyber vulnerabilities before they lead to ransomware attacks that disrupt students’ learning, school operations, and compromise sensitive student data,” U.S. Deputy Secretary of Education Cindy Marten said in a statement. “This partnership will develop actionable insights to enhance the resilience of the ed-tech sector, ensuring that our educational tools are not only effective but secure.”

Cyberattacks, which can cost districts millions of dollars and days or weeks of missed learning time, are becoming an increasingly severe problem for school districts.

Eighty percent of K-12 schools have been targeted by ransomware in the past year, according to a survey of IT professionals conducted last year by Sophos, a cybersecurity firm. That’s a higher percentage than any other industry surveyed, including health care and financial services.

What’s more, education tech leaders around the country recently named cybersecurity as their top priority for the seventh year in a row, in a conducted by the Consortium for School Networking, or CoSN.

The problem has intensified as districts across the country adopted new ed-tech tools, in part to enable virtual learning during the pandemic. Bringing in new platforms and products made districts increasingly susceptible to attacks.

In fact, 55 percent of K-12 school data breaches between 2016 and 2021 were carried out on ed-tech vendors, according to data provided by the department. That included attacks on large, well-resourced districts, such as New York City public schools.

The PACE initiative’s October event will include discussion of so-called “,” which call for products and applications to embrace features such as multi-factor authentication and single sign-on, as a standard practice, and at no additional cost to districts.

The event will also consider other long-term solutions for common product vulnerabilities.

“PACE aims to lift and shift some of the burden for managing cyber risk from school district leaders to the key ed-tech providers whose systems districts rely on every day for teaching, learning, and operations,” said Sarah Powazek, the program director of Public Interest Cybersecurity at the Center for Long-Term Cybersecurity, in a statement. “K-12 leaders will play a critical advisory role by highlighting cybersecurity pain points and vetting recommendations” that emerge from the PACE event.

Educators interested in learning more can email pace@berkeley.edu for information.

Multiple efforts to combat cyberattacks against schools

This is not the department’s only recent action to combat cybercrime in schools.

In March, the agency launched a council to help K-12 schools strengthen their cybersecurity practices.

Other federal agencies responsible for internet connectivity in schools also see cybersecurity as a top concern.

Jessica Rosenworcel, the chair of the Federal Communications Commission, has proposed a pilot program that would provide up to $200 million in competitive grants over three years to help schools and libraries guard against cyberthreats, which have become increasingly sophisticated in recent years.

But the federal government hasn’t always been so attentive to this issue. A 2022 report by the Government Accountability Office found that the federal government, including the Education Department, had largely dropped the ball on some key steps to help schools prevent, plan for, and deal with these attacks.

Keith Krueger, the chief executive officer of CoSN, applauded the department’s direction.

“It sounds like a great idea to get technical support to companies” on cybersecurity, he said. “There’s so many new and emerging companies that need help in this area.”

Doug Levin, the co-founder and national director of the , agreed.

“There’s no question that for under-resourced school systems focusing on their supply chain, the vendors that they rely on everything in the classroom as well as the back office is smart and important.”

And he liked that ed-tech companies will get to opt in to the conversation. “I think it’s pretty appropriate to start with voluntary efforts like this,” he said.

But he warned that stopping attacks on vendors is no easy feat. “All it takes is the weakest link in the chain” to cause an attack.

Jun Kim, the director of technology for Oklahoma’s Moore Public 69ý and an Education Week Leader to Learn From, is optimistic that the initiative can get ed- tech companies on the same page when it comes to cybersecurity.

“I hope that these companies can work past the ‘mine, mine mentality’ to say, ‘we are actually going to do something about it’ and shake hands with that other company and find that meeting place and, say ‘this is the standard.’ I hope they can get there. I think they will.”

Events

School & District Management Webinar Crafting Outcomes-Based Contracts That Work for Everyone
Discover the power of outcomes-based contracts and how they can drive student achievement.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
School & District Management Webinar
Harnessing AI to Address Chronic Absenteeism in 69ý
Learn how AI can help your district improve student attendance and boost academic outcomes.
Content provided by 
School & District Management Webinar EdMarketer Quick Hit: What’s Trending among K-12 Leaders?
What issues are keeping K-12 leaders up at night? Join us for EdMarketer Quick Hit: What’s Trending among K-12 Leaders?

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.

Read Next

IT Infrastructure & Management Sizing Up the Risks of 69ý' Reliance on the 'Internet of Things'
Technology is now critical to both the learning and business operations of schools.
1 min read
Vector image of an open laptop with octopus tentacles reaching out of the monitor around a triangle icon with an exclamation point in the middle of it.
DigitalVision Vectors
IT Infrastructure & Management How 69ý Can Survive a Global Tech Meltdown
The CrowdStrike incident this summer is a cautionary tale for schools.
8 min read
Image of students taking a test.
smolaw11/iStock/Getty
IT Infrastructure & Management What Districts Can Do With All Those Old Chromebooks
The Chromebooks and tablets districts bought en masse early in the pandemic are approaching the end of their useful lives.
3 min read
Art and technology teacher Jenny O'Sullivan, right, shows students a video they made, April 15, 2024, at A.D. Henderson School in Boca Raton, Fla. While many teachers nationally complain their districts dictate textbooks and course work, the South Florida school's administrators allow their staff high levels of classroom creativity...and it works.
Art and technology teacher Jenny O'Sullivan, right, shows students a video they made on April 15, 2024, at A.D. Henderson School in Boca Raton, Fla. After districts equipped every student with a device early in the pandemic, they now face the challenge of recycling or disposing of the technology responsibly.
Wilfredo Lee/AP
IT Infrastructure & Management Aging Chromebooks End Up in the Landfill. Is There an Alternative?
Districts loaded up on devices during the pandemic. What becomes of them as they reach the end of their useful lives?
5 min read
Brandon Hernandez works on a puzzle on a tablet before it's his turn to practice reading at an after school program at the Vardaman Family Life Center in Vardaman Miss., on March 3, 2020.
Brandon Hernandez works on a puzzle on a tablet before it's his turn to practice reading at an after-school program at the Vardaman Family Life Center in Vardaman Miss., on March 3, 2020. Districts that acquired devices for every student for the first time during the pandemic are facing decisions about what to do at the end of the devices' useful life.
Thomas Wells/The Northeast Mississippi Daily Journal via AP