Ed-Tech Policy

Schools Are Major Targets of Cyberattacks. A Bipartisan Effort in Congress Aims to Help

By Lauraine Langreo — April 20, 2023 3 min read
Silhouette of a hacker in a hoodie using laptop with binary code overlay.
  • Save to favorites
  • Print

A bipartisan group of federal lawmakers reintroduced legislation that they argue would strengthen cybersecurity in schools.

The Enhancing K-12 Cybersecurity Act would give schools and districts better access to cybersecurity resources and improve tracking of K-12 cyberattacks nationally. The bill is sponsored by Reps. Doris Matsui, D-Calif., and Zach Nunn, R-Iowa, and Sens. Marsha Blackburn, R-Tenn., and Mark Warner, D-Va.

The proposal comes as cyberattacks targeting schools are becoming more common and more sophisticated. There have been 1,619 publicly disclosed cyber incidents between 2016 and 2022, according to K12 Security Information Exchange (K12 SIX), a nonprofit focused on helping schools prevent cyberattacks. Hackers have targeted districts of all sizes, including Los Angeles Unified, the nation’s second largest.

“Cybercriminals are rapidly evolving their strategies to cause chaos and disruption, yet a lack of resources for our schools is forcing them to do more with less,” said Matsui, the ranking member of the House Energy and Commerce Subcommittee on Communications and Technology, in a statement. “The Enhancing K-12 Cybersecurity Act would establish a crucial roadmap to prepare our K-12 cyberinfrastructure for future attacks.”

The legislation would direct the federal Cybersecurity and Infrastructure Security Agency (CISA) to establish a Cybersecurity Incident Registry to track incidents of cyberattacks on K-12 schools. Submitting incidents to the registry would be voluntary, and the information would be used to conduct trend analyses, increase awareness, and develop strategies to prevent and respond to incidents.

“There are a lot of very strong reasons that we want school systems to share information about their experience with cybersecurity,” said Doug Levin, the national director of K12 SIX. It informs policymakers, it helps law enforcement, it helps other school systems protect themselves from copycat attacks, and it informs the public if sensitive data has been inappropriately accessed.

While “it’s not unusual to see voluntary reporting regimes, the jury’s out on how effective that may be,” Levin said. “If there is not a direct return to the organization who is submitting that information, it just feels like an unfunded mandate. If the data goes into a black hole and if they’re not seeing a benefit, it can be difficult to convince people to do that work.”

Having voluntary reporting systems also means that districts might underreport incidents, Levin said.

Some states, such as New York and Texas, mandate K-12 schools to report data breaches and cyberattacks. And a federal cybersecurity incident reporting law passed in 2022 might include schools as one of the organizations required to report, but it’s still going through the rulemaking process, according to Levin.

The Enhancing K-12 Cybersecurity Act would also establish a program, which would be funded up to $20 million over two fiscal years, that would help districts address cybersecurity risks and threats to their information systems and networks.

The legislation would also direct CISA to establish a Cybersecurity Information Exchange to publish information, best practices, and grant opportunities to improve cybersecurity.

“This [$20 million] is a drop in the bucket in terms of need. I certainly wouldn’t say that it is sufficient,” Levin said. “But if invested smartly, at a national level, it can make a tremendous difference.”

The bill was first introduced in the U.S. House of Representatives in 2021 with bipartisan support. While it didn’t advance, Congress instead passed the K-12 Cybersecurity Act, which mandated CISA to publish a report on the risks K-12 schools face, along with recommendations and resources to help schools reduce risks and maintain resilient cybersecurity programs.

The CISA report was published in January and showed that the K-12 sector is becoming increasingly vulnerable and needs assistance. The agency recommended implementing effective security measures, addressing resources constraints, and focusing on collaboration.

Education organizations such as the State Educational Technology Directors Association and the Consortium for School Networking have endorsed the bill.

“It’s encouraging that Congress is continuing to be responsive, at least in part, to the concerns of the K-12 community,” Levin said. “This shouldn’t be a partisan issue. So whether it is this [bill] or something like this, the support from Congress would be much appreciated and put to good use.”

Related Tags:

Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Reading & Literacy Webinar
Literacy Success: How Districts Are Closing Reading Gaps Fast
67% of 4th graders read below grade level. Learn how high-dosage virtual tutoring is closing the reading gap in schools across the country.
Content provided by Ignite Reading
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Artificial Intelligence Webinar
AI and Educational Leadership: Driving Innovation and Equity
Discover how to leverage AI to transform teaching, leadership, and administration. Network with experts and learn practical strategies.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
School Climate & Safety Webinar
Investing in Success: Leading a Culture of Safety and Support
Content provided by Boys Town

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Ed-Tech Policy Cellphone Restrictions Are Coming to California Schools
A new law requires all public schools in California to limit students' access to cellphones during the school day.
2 min read
Young girl using a cellphone in class. On her desk is an open notebook and a pencil.
skynesher / iStock/Getty
Ed-Tech Policy From Our Research Center Why Schools Are Getting a Jump on Their Smartwatch Policies
A small but growing number of schools are adding smartwatches to their cellphone policies.
4 min read
Student is working in a school notebook with a pen. He has a smart watch on his wrist.
Forty percent of educators think smartwatches pose a behavioral or disciplinary challenge, new research shows.
galitskaya/iStock/Getty
Ed-Tech Policy Teachers Want Cellphones Out of Classrooms
Members of the nation's largest teachers' union say they want bans on cellphones during class time.
3 min read
A sign is shown over a phone holder in a classroom at Delta High School, Friday, Feb. 23, 2024, in Delta, Utah. At the rural Utah school, there is a strict policy requiring students to check their phones at the door when entering every class. Each classroom has a cellphone storage unit that looks like an over-the-door shoe bag with three dozen smartphone-sized slots.
A sign in a classroom at Delta High School in February reinforces the policy of the rural Utah school that students check their phones at the door as they enter each classroom.
Rick Bowmer/AP
Ed-Tech Policy E-Rate Is in Legal Jeopardy. Here’s What Schools Stand to Lose
The FCC released a fact sheet about how the E-rate helps schools in response to a court ruling that threatens the program's funding.
1 min read
Photograph of a young girl reading, wearing headphones and working at her desk at home with laptop near by.
iStock/Getty Images Plus