Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
On Monday, the White House unveiled a series of new initiatives and federal resources designed to address cybersecurity concerns in the nation’s K-12 education system.
This comes as a response to the increasing wave of cyberattacks that have targeted schools in the past few years. In the 2022-23 academic year only, eight K-12 school districts in the US experienced cyberattacks, causing disruptions and affecting students, families, teachers, and administrators.
These attacks exposed sensitive personal information, including grades, medical records, and financial details, and leaked information about school security systems online. A 2022 report shows learning loss and recovery time for cyberattacks range from three days to weeks, with monetary losses ranging from $50,000 to $1 million.
Actions and Resources to Bolster K-12 Schools’ Cybersecurity
Here are the main actions that the U.S. Administration is taking to strengthen the cybersecurity posture of the K-12 school systems:
- A pilot program under the Universal Service Fund to provide up to $200 million over three years to strengthen cyber defenses in K-12 schools and libraries in collaboration with other federal agencies with deep expertise in cybersecurity.
- Establishing a new entity, called the Government Coordination Council (GCC), within the U.S Department of Education, to coordinate activities, policies, and communications between and among federal, state, local, tribal, and territorial education leaders and support districts to prepare, respond and recover from cybersecurity incidents.
- K-12 Digital Infrastructure Brief: Defensible & Resilient, a guidance document released by the U.S. Department of Education and CISA to help educational leaders build and maintain core digital infrastructure for learning.
- Over the next school year, CISA plans to provide tailored assessments, facilitate exercises, and deliver cybersecurity training to 300 new K-12 entities. CISA intends to conduct 12 K-12 cyber exercises this year, one per month on average, and is currently accepting exercise requests from government and critical infrastructure partners, including the K-12 community.
- The FBI and the National Guard Bureau are updating their resource guides to make sure that state government and education officials know how to report cybersecurity incidents and can use the federal government’s cyber defense capabilities.
Technology providers have also teamed up to offer free and low-cost resources to school districts. AWS is committing $20 million for a K-12 cyber grant program, free security training, and no-cost cyber incident response assistance.
Google has released an updated “K-12 Cybersecurity Guidebook” for schools, and D2L is collaborating with trusted third parties to provide cybersecurity courses and extend information security reviews. PowerSchool also provides new security as a service courses and resources.
The White House’s full announcement is available here.
The Education Sector, Frequently Targeted by Cybercriminals
Education has become increasingly targeted by cybercriminals. In the last two months, schools and universities such as: the Minneapolis Public Schools, University of Sydney, University of Manchester and the University of Michigan have experienced cyber incidents lead to the exposure of their students’ personal information or have even disrupted their operations.
If you would like to learn more about the steps you can take to prevent a cyber attack targeting the education system, read this article: Shielding Learning: The Power of Cybersecurity in Education.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
