By: Patrick Massey, CISA Region 10 Regional Director, CISARegion10@cisa.dhs.gov
The relationship families have with their children’s schools has changed dramatically over the last few years. Today, parents and students interact online with schools and teachers in a variety of ways.
Through online grading, information shared on class assignments, instructor communication and scheduling classes, families have never been more electronically connected to schools.
While technological advances have increased accessibility and communications, malicious cyber actors are hard at work trying to exploit vulnerabilities in these systems.
Cybersecurity is a new challenge facing school administrators and school board members that could have far-reaching negative impacts if not addressed BEFORE a cyberattack occurs.
As elected school board members, you have the vital task of representing your respective communities to ensure students have access to the best education. But there is also the responsibility of a vast array of operational issues – most importantly personal data safety and information technology security.
Schools are particularly vulnerable to cyberattacks and are an especially lucrative target given the presence of sensitive student and staff data. A cyberattack can immediately damage a school and halt students’ learning. Cyberattack impacts range from restricted access to networks and data, delayed exams, canceled school days, and unauthorized access to personal information of students and staff.
The Cybersecurity and Infrastructure Security Agency (CISA) has developed resources to help K-12 schools and school districts address cybersecurity risks. CISA also offers simple steps school board members, administrators, principals and teachers can take to strengthen their cybersecurity efforts.
CISA recognizes that many K-12 entities may not have the resources needed to defend themselves from cyberthreats, like ransomware attacks. These entities are referred to as “target rich and cyber poor.”
To address these issues, CISA provides three recommendations to help K-12 leaders build, operate and maintain resilient cybersecurity programs:
- Invest in the most impactful security measures and build toward a mature cybersecurity plan. See: Cross-Sector Cybersecurity Performance Goals | CISA
- Recognize and actively address resource constraints.
- Focus on collaboration and information-sharing. Consider joining the Multi-State Information Sharing and Analysis Center: MS-ISAC (cisecurity.org)
Additionally, CISA recently released a report Partnership to Safeguard K-12 Organizations from Cybersecurity Threats” with an accompanying toolkit to give schools targeted resources to improve their cybersecurity.
The report provides recommendations and resources to help K-12 schools and school districts effectively reduce their cyber risk. This information is also critical to school board members to support their information technology staff who are working to improve resiliency against cyber intrusions.
The toolkit aligns resources and materials to each of CISA’s three recommendations along with guidance on how schools can implement each recommendation based on their current need. The toolkit also details free cybersecurity trainings and resources available for the K-12 community.
This report is only a starting point. CISA will continue to engage with federal partners, such as the U.S. Department of Education, and work closely with state and local officials, school leaders and the private sector to identify areas for progress and provide meaningful support that measurably reduces risk.
We hope that leaders in the K-12 community – including superintendents, district and school administrators, school boards, and state policymakers – will take advantage of this report and toolkit to better understand and reduce their cyber risks.
There is no more important institution to the future prosperity and strength of the United States than our K-12 education system. CISA stands ready to partner with schools to improve your cyber defenses and resiliency.
For more information or assistance, please contact the Northwest regional office for CISA at CISARegion10@cisa.dhs.gov.
