4 ways the National Cybersecurity Strategy could shape K-12

This audio is auto-generated. Please let us know if you have feedback.

The K-12 cybersecurity landscape faces numerous challenges — from finding and retaining staff to facing the ongoing threat of ransomware attacks that can shut schools down for days and result in the theft of district funds or sensitive data

With the White House’s release of its National Cybersecurity Strategy last week, some K-12 technology experts remain cautiously optimistic the plan will lay a foundation for much-needed upgrades to help school districts nationwide. A key focus in the national plan is to shift the burden away from local governments and under-resourced consumers. Instead, the strategy suggests the cyber defense onus should fall more on major technology companies.

District technology leaders “are doing everything they can to protect networks and data, but as the federal government has shown, K-12 is just a top target for things like ransomware,” said Keith Krueger, CEO of the Consortium for School Networking, or CoSN. 

While the National Cybersecurity Strategy is a great first step, Krueger said, there needs to be “swift follow-through at all levels of government.”

Holding tech companies accountable

Between 2016 and 2021, school district vendors were “responsible” as the entry point for 55% of K-12 data breaches, according to a 2022 report by the nonprofit K12 Security Information Exchange. 

In New York City Public Schools, a January 2022 cyberattack on ed tech company Illuminate Education led to a data breach of 820,000 current and former public school students. That followed a similar mass data breach in Chicago Public Schools in December 2021, when nonprofit ed tech provider Battelle for Kids fell victim to a ransomware attack.  

Krueger said it’s notable the White House strategy calls for shifting cybersecurity responsibilities away from individuals, small businesses or local governments — which could include schools.

Vendors “have a moral responsibility to defend secure applications and also protect their infrastructure,” said Keith Bockwoldt, chief information officer at Hinsdale Township High School District 86 in Illinois. Ultimately, both districts and vendors need to do their part to protect staff and students’ personal data, he said. 

“If the cost of an application goes up because of it, knowing that I have a secure infrastructure or a secure application that I’m using, I’d be willing to pay for it,” Bockwoldt said. Though, he added, that opportunity to pay more for a guaranteed secure app doesn’t often arise. 

The national plan also seeks to provide grant opportunities to encourage companies to secure their apps.

“I think that’s a good olive branch on the government’s side,” Bockwoldt said.

More cybersecurity training

Another goal of the national strategy is to build up and diversify the pipeline for cybersecurity professionals. One way will be to continue funding the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Education and Training Assistance Program. 

A current grant recipient in that program is Cyber.org, a virtual cybersecurity education program that began in Louisiana and recently expanded to all 50 states. It’s important to begin educating students on cybersecurity as early as kindergarten, said Laurie Salvail, executive director of Cyber.org, in an emailed statement.

“Ensuring that every K-12 student is exposed to cybersecurity in the classroom is essential [for] growing their confidence to pursue careers in the workforce,” Salvail said. Addressing the shortage in these postions will help both private and public organizations in protecting themselves “from outside threats, advancing U.S. innovation, and diversifying our country’s cybersecurity workforce,” Salvail added.

The cybersecurity profession is dealing with significant workforce shortages across the board. In the K-12 sector, it’s even more difficult to find someone and keep them for more than a couple of years, often due to budget constraints.

Both Bockwoldt and Krueger said they’re excited the White House strategy aims to bolster the cybersecurity workforce. But Krueger said schools will have to get more creative in hiring cybersecurity professionals by partnering with community or vocational schools or training students within the district. 

This article originally appeared in www.k12dive.com

Leave a Reply

Your email address will not be published.