The United States' K-12 education system plays a crucial role in the country's future prosperity and strength. With the advent of advanced networking technologies, school districts have been able to improve the learning experience and become more efficient. However, these technological advancements also introduce new risks, particularly in the form of cyberattacks.
Cyberattacks have strained resources and impacted the delivery of critical education services across the nation. To address this issue, Congress passed the K-12 Cybersecurity Act of 2021, which requires the Cybersecurity and Infrastructure Security Agency (CISA) to report on cybersecurity risks facing elementary and secondary schools and to develop recommendations to help better protect these institutions.
The report, released last week, shows that malicious actors are targeting K-12 education across the country, putting students, teachers, administrators, and their families at risk. The COVID-19 pandemic has made the situation worse, as many schools pivoted to virtual learning, making them more vulnerable to cyberattacks.
The findings provide insight into the current threat landscape and the K-12 sector's capacity to prevent and mitigate cyberattacks. The report also offers several recommendations to help schools and school districts improve their cybersecurity posture.
Jen Easterly, Director of CISA, discussed the report:
"We must ensure that our K-12 schools are better prepared to confront a complex threat environment. As K-12 institutions employ technology to make education more accessible and effective, malicious cyber actors are hard at work trying to exploit vulnerabilities in these systems, threatening our nation's ability to educate our children.
"Today's report serves as an initial step towards a stronger and more secure cyber future for our nation's schools, with a focus on simple, prioritized actions schools can take to measurably reduce cyber risk."
One of the key findings of the report is that leaders should leverage security investments to focus on the most impactful steps. Schools should begin by implementing multi-factor authentication (MFA), mitigating known vulnerabilities, regularly testing backups, and implementing a strong cybersecurity training program.
Over time, they should progress to fully adopting CISA's Cybersecurity Performance Goals and ultimately develop an enterprise cybersecurity plan based on the NIST Cybersecurity Framework.
The report also stresses the importance of elevating cybersecurity risk management as a top priority for administrators, superintendents, and other leaders at every K-12 institution. Leaders should take creative approaches to securing necessary resources, such as leveraging available grant programs, working with technology providers to benefit from low-cost services and products that are secure by design and default, and migrating to secure cloud environments and trusted managed services.
The third point of emphasis in the report focuses on the importance of collaboration and information sharing among school districts. Schools should participate in information-sharing forums, such as the Multi-State Information Sharing and Analysis Center (MS-ISAC) or the K12 Security Information eXchange (K12 SIX), and establish a relationship with CISA and FBI field personnel.
By following the recommendations outlined in the report, schools can improve their cybersecurity posture and better protect their students, teachers, administrators, and their families.
See the entire report from CISA, Partnering to Safeguard K-12 Organizations from Cybersecurity Threats, for more information.