The Biden administration announced on Aug. 7 its plan to bolster the cybersecurity and resilience of K–12 schools across the United States amid growing concerns over ransomware attacks.
The plan was unveiled after school administrators, educators, and private sector companies gathered at the White House to discuss best practices and new resources available to boost schools’ cybersecurity.
According to the White House, the Federal Communications Commission has proposed a pilot program under the Universal Service Fund to provide up to $200 million over three years to bolster cyber defenses in K–12 schools and libraries.
The Department of Education will form a coordinating council to arrange activities, policies, and communications among federal, state, local, tribal, and territorial education leaders about strengthening cyber defenses.
“Just as we expect everyone in a school system to plan and prepare for physical risks, we must now also ensure everyone helps plan and prepare for digital risks in our schools and classrooms,” Secretary of Education Miguel Cardona said in a statement.
In addition, the Cybersecurity and Infrastructure Security Agency (CISA) will facilitate exercises and deliver cybersecurity training for 300 new “K–12 entities” over the next school year.
CISA aims to organize 12 K–12 cyber exercises this year, averaging one per month, and has started seeking exercise requests from government and critical infrastructure partners, including the K–12 community.
The FBI and the National Guard Bureau will also release updated resource guides to ensure that state government and education officials know how to report cybersecurity incidents and leverage the federal government’s cyber defense capabilities.
Schools Closed Down Over Cyberattacks
According to the White House, at least eight K–12 school districts were targeted by “significant cyberattacks” in the 2022–2023 academic year, four of which left schools having to either cancel classes or shut down entirely.“Not only have these attacks disrupted school operations, but they also have impacted students, their families, teachers, and administrators,” it said in a statement.
“Sensitive personal information—including student grades, medical records, documented home issues, behavioral information, and financial information—of students and employees were stolen and publicly disclosed.”
“Additionally, sensitive information about school security systems was leaked online as a result of these attacks,” it added.
Cyberattacks resulted in disruptions to learning lasting from three days to three weeks, with recovery periods spanning from two to nine months, the U.S. Government Accountability Office reported in 2022.
Moreover, the monetary damages suffered by school districts as a result of these attacks ranged from $50,000 to $1 million.
The United States has increased efforts to bolster cybersecurity. On July 31, the Biden administration unveiled the National Cyber Workforce and Education Strategy, a first-of-its-kind comprehensive approach aimed at addressing immediate and long-term cyber workforce needs.
The Bureau of Cyberspace and Digital Policy (CDP) will seek to “address the national security challenges, economic opportunities, and implications for American values associated with cyberspace, digital technologies, and digital policy.”
The new bureau comes at a time of resurgent authoritarianism and mounting cyber threats from state-based actors including China and Russia.