According to the news release today issued by the department, this initiative will begin with the creation of a Government Coordinating Council, which will work with all levels of government — local, state, tribal, federal and territorial. Those entities will establish a plan for protecting schools against, and responding to, cybersecurity attacks.
In the meantime, ED and the federal Cybersecurity and Infrastructure Security Agency (CISA) are releasing a series of five K-12 infrastructure briefs, or documents of recommendations for education leaders to build resilient digital infrastructure for learning. Three of these have been published to date, including one on defensible and resilient infrastructure, one on making sure digital infrastructure is adequate and future-proof, and one on making sure data is useful, interoperable and private. These three documents are on the department’s website and are intended to help school administrators and educators get up to speed on these issues before the coordinating council convenes. The White House, meanwhile, broadcast a back-to-school cybersecurity summit to summarize key points of these documents for K-12 schools Monday following the announcement.
“Students across our country deserve to learn in an environment that is not only safe and secure physically, but also digitally,” CISA Director Jen Easterly said in a public statement. “This means that schools need the best tools and information available to protect their networks and systems from the full range of cybersecurity threats. The product released today from the Department of Education and CISA provides school K-12 districts across our communities a starting place to understand the importance of securing our digital infrastructure and provides steps schools can take today to keep their systems safe.”
In a separate news release, the White House announced $200 million in grants for cybersecurity fortification efforts at schools and public libraries over a three-year period. It also said CISA will offer cybersecurity assessments, exercises and training at 300 new K-12 entities in the coming academic year. In addition, the FBI and the National Guard will provide local governments and school districts updated resource guides that explain how to report cybersecurity incidents and leverage help from the federal government.
Ed-tech companies are also contributing to this effort, according to the White House news release:
- Amazon Web Services is making $20 million in grants available to K-12 schools, and for schools that already use AWS Skill Builder, customized training and incident response services for IT staff are offered free of charge.
- Cloudflare will offer cybersecurity and high-speed Internet services to public school districts with less than 2,500 students.
- PowerSchool will provide free or subsidized “security-as-a-service” courses and tools to all U.S. school districts.
- Google released an updated cybersecurity guidebook that is applicable to schools that use the company’s software and hardware applications.
- Learning platform company D2L pledged to create additional cybersecurity courses in collaboration with trusted third parties.
According to the White House news release, this initiative follows a December report from the U.S. Government Accountability Office that the average financial loss of a school district victimized by a cyber attack between 2020 and 2022 was between $50,000 and $1 million.
K12 Six Security Information eXchange (K12 Six), a national nonprofit agency that educates schools about cybersecurity issues, applauded Monday’s announcement. That agency has cataloged more than 1,300 cyber incidents since 2016, according to its website.
“Given the steady drumbeat of ransomware, targeted scams and data-breach incidents plaguing school systems from coast to coast, CISA’s report and guidance comes not a moment too soon,” Doug Levin, K12 SIX director, said in a public statement. “Nonetheless, its publication is only one step in a much longer journey toward school system cyber-resilience. K12 SIX pledges to continue to serve as a leading advocate for defending students, teachers and school communities from cyber threats, and to work in partnership with all others who share this vital mission.”
The Consortium for School Networking (CoSN), a nonprofit agency that also serves K-12 schools and has identified cyber attacks as the No. 1 concern in the ed-tech space right now, expressed similar sentiments, noting that for far too long, schools have been seen as soft targets.
“CoSN is encouraged by the prospect of participants working together to share insights and expertise, foster threat intelligence sharing, and explore innovative strategies for securing school networks,” Diane Doersch, CoSN chair, said in a public statement. “We appreciate the new government resources as well as the commitment by the private industry in supporting the educational community’s battle against cyber threats.”
