Cyberattacks are now a daily threat to K-12 schools, but new guidance from the federal Cybersecurity and Infrastructure Security Agency (CISA) provides “simple, high-priority actions” that schools can take to protect against these threats.
Recommendations include investing in “high-impact security measures,” building toward a “mature cybersecurity plan,” leveraging various grant programs to reduce the cost of cybersecurity efforts, and sharing information, including cooperation for
This report comes more than a year after the K-12 Cybersecurity Act of 2021 was enacted. The act established a K-12 cybersecurity initiative and called on CISA to publish a report, recommendations and resources on the risks facing K-12 schools, to help schools mitigate risk and maintain resilient cybersecurity programs.
Cyberattacks against schools have also increased in recent years, as the use of technology in schools has increased and cybercriminals have become more sophisticated. More recently, Des Moines Public Schools, the largest district in Iowa, was a victim of a January 9th cyberattack that shut down the district’s servers and canceled classes for two days.
Keith Krueger, CEO of the nonprofit Consortium for School Networking, praised the report and its recommendations, calling it “a powerful step forward.” Krueger said he particularly appreciates the report’s suggestions to take advantage of available grant programs, such as the Federal Communications Commission’s E-Rate program.
Through listening sessions with K-12 leaders, CISA found that K-12 agencies face a shortage of cybersecurity experts and need clear, easy-to-adopt guidance, centralized governance to help allocate resources, and more effective oversight and accountability.
To address these challenges, CISA recommended the following key steps:
- Implement effective security measures: This includes using multi-factor authentication, remediating known security flaws, developing incident response plans, and conducting training and awareness campaigns. It also means using the CISA Cybersecurity Performance Objectives and the National Institute of Standards and Technology Cybersecurity Framework.
- Address resource constraints: States and districts can do this by leveraging state and local cybersecurity grant programs. This requires states or districts to establish cybersecurity planning committees to develop cybersecurity plans. The report also suggested using the FCC’s E-Rate program, which provides subsidies for telecommunications and broadband-related services for schools.
- Focus on collaboration: K-12 school districts should participate in information sharing forums such as the Multi-State Information Sharing and Analysis Center and the K-12 Security Information Exchange. School districts should also develop relationships with the CISA advisors in their area and their local FBI field offices.
Tony Dotts, network system administrator for District 99 Community High School in Illinois, says the recommendation seems viable.
The procedures for securing a K-12 school district’s network “are not necessarily technical in nature,” Dotts said. “Something like implementing [multi-factor authentication], they have a technical side, but a lot of it really comes down to getting buy-in from managers, supervisors, etc. Implementing change is probably more complicated than the technical side. It’s a part.”
For example, if your school district already uses Google as its email system, multi-factor authentication is already provided by Google and is easy to implement, Dotts said. “A lot of it is really just buy-in to change procedures,” he added.
Doug Levin, national director of the K12 Security Information Exchange, a nonprofit focused on helping schools prevent cyberattacks, said he’s heard similar challenges from technology leaders in other districts.
“District IT leaders are trying to do the right thing for their school community and implement some of these protections, but they are hindered by leadership that has other priorities. [and] Even if that inconvenience could mean the difference between whether it leads to a ransomware incident or not.”
He added that he hopes the CISA report will help other K-12 school district leaders and policymakers understand “the risks and mitigations that school districts can and should implement in practice.”
While this is a landmark report, experts say it still has a long way to go in helping the K-12 community.
Levin said he would have liked to see a “stronger call for additional resources and funding” and a “stronger call to the U.S. Department of Education,” which should be playing a role in helping school systems recover from and fend off cybersecurity threats, according to the Government Accountability Office.