Monday, May 20, 2024

Schools are prime targets of cyberattacks. Bipartisan effort in Congress aims to help


A bipartisan group of federal lawmakers reintroduced legislation that they argue would strengthen cyber security in schools.

Enhancing the K-12 Cybersecurity Act Will give schools and districts better access to cyber security resources and improve tracking of K-12 cyber attacks nationally. The bill is sponsored by Reps. Doris Matsui, D-Calif., and Zach Nunn, R-Iowa, and Sens. Marsha Blackburn, R-Tenn., and Mark Warner, D-Va.

The offer comes in the form of a cyberattack The targeting of schools is becoming more common and more sophisticated. There are 1,619 publicly disclosed cyber incidents between 2016 and 2022, according to the K12 Security Information Exchange (K12 SIX), a nonprofit focused on helping schools prevent cyber attacks. Hackers have targeted districts of all sizes, including Los Angeles Unified Second largest in the country.

Matsui, ranking member of the House Energy and Commerce Subcommittee on Communications and Technology, said, “Cybercriminals are rapidly evolving their strategies to cause chaos and disruption, yet our schools lack the resources to mitigate them.” Forcing.” a statement. “The Enhancing K-12 Cyber ​​Security Act will establish an important roadmap for preparing our K-12 cyber infrastructure for future attacks.”

The legislation would direct the federal Cybersecurity and Infrastructure Security Agency (CISA) to set up a cybersecurity incident registry to track incidents of cyberattacks on K-12 schools. Submission of incidents to the registry will be voluntary, and the information will be used to conduct trend analysis, raise awareness and develop strategies to prevent and respond to incidents.

“There are a lot of strong reasons why we want school systems to share information about their experiences with cyber security,” said Doug Levine, national director of K12 SIX. It informs policy makers, it helps law enforcement, it helps other school systems protect themselves from copycat attacks, and it notifies the public if sensitive data has been improperly accessed. does.

While “it’s not unusual to see voluntary reporting regimes, how effective can a jury be,” Levine said. “If the organization that’s accumulating that information doesn’t get a direct return, then it just seems like an unfunded mandate. If the data goes into a black hole and if they’re not seeing any benefit, then people have to do that work.” It can be difficult to persuade.

Levine said that having a voluntary reporting system also means that districts may be under-reporting incidents.

Some states, such as New York and Texas, mandate K-12 schools to report data breaches and cyberattacks. And Reporting a Federal Cyber ​​Security Incident Legislation passed in 2022 could include schools as one of the organizations required to report, according to Levin, but it is still going through the rule-making process.

The Enhancing K-12 Cybersecurity Act would also establish a program, to be funded up to $20 million over two fiscal years, to help districts address cybersecurity risks and threats to their information systems and networks.

The legislation will also direct CISA to publish information, best practices and set up a cyber security information exchange to provide opportunities for improving cyber security.

“This [$20 million] There is a drop in the bucket in case of need. I certainly wouldn’t say it’s enough,” Levin said. “But if smartly invested at the national level, it can make a tremendous difference.”

The bill was first introduced in the US House of Representatives in 2021 with bipartisan support. While this did not move forward, Congress instead passed the K-12 Cybersecurity Act, which mandated CISA to publish a report on the risks to K-12 schools, as well as provide schools with ways to reduce risks and provide flexible cyber security programs. Gave recommendations and resources to help keep up.

CISA report was published in January and showed that the K-12 sector is becoming increasingly vulnerable and is in need of assistance. The agency recommended implementing effective safeguards, addressing resource constraints and focusing on collaboration.

Education organizations such as the State Educational Technology Directors Association and the Consortium for School Networking have supported the bill.

“It is encouraging that Congress has remained at least partially responsive to the concerns of the K-12 community,” Levin said. “It shouldn’t be a partisan issue. So is it [bill] Or something like that, support from Congress would be greatly appreciated and would be put to good use.