In the wake of increased cybercrime targeting K12 schools, a bipartisan, bicameral group of lawmakers are reintroducing legislation that would strengthen districts’ cybersecurity protections.
The Enhancing K-12 Cybersecurity Act was proposed on Tuesday, which would require the Cybersecurity and Infrastructure Security Agency to give districts better access to cybersecurity best practices and information to help schools track cyberattacks on a national scale. Such changes would drastically improve security measures for smaller, less resourceful school districts that continue to fall victim to financially driven criminal actors.
“Cyberattacks continue to grow in size, frequency and complexity in critical U.S. institutions, including in America’s schools,” Sen. Marsha Blackburn, R-Tenn., one of the bill’s sponsors, said in a statement. “We must ensure that our education sector is equipped to address these threats and keep students’ personal information private. This bipartisan and bicameral legislation will improve the cybersecurity tracking system for schools and provide them with necessary training resources and best practices for intervention.”
The bill was first proposed in October 2020 and again in June 2021 but never made it for a vote in the House. However, since the education sector has become the number one target for cyberattacks over the past year, lawmakers hope to see change.
“Cybercriminals are rapidly evolving their strategies to cause chaos and disruption, yet a lack of resources for our schools is forcing them to do more with less,” bill sponsor Rep. Doris Matsui, D-Calif., said in a statement. “The Enhancing K-12 Cybersecurity Act would establish a crucial roadmap to prepare our K-12 cyberinfrastructure for future attacks.”
In September 2022, K12 schools and government officials received their first wake-up call when the nation’s second-largest school district Los Angeles Unified was hit with a ransomware attack, sending chills down the spines of smaller districts. In response, CISA, the FBI and the MultiState Information Sharing and Analysis Center released a joint advisory warning K12 school districts of an anticipated increase in cybercrime into 2023.
“School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cyber criminals can still put school districts with robust cybersecurity programs at risk,” the advisory reads. “K12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed providers.”
Their prediction has proven evident so far as several schools have already taken significant blows to their network as a result of a cyber threat. In January, Iowa’s largest school district Des Moines Public Schools was forced to cancel classes in response to “unusual activity” being detected on its network. Classes were canceled earlier this month for 42 Minnesota schools after Rochester Public Schools fell victim to a cyberattack.
“As cyberattacks continue to expose private information and disrupt infrastructure across industries, including in education, with increased frequency, we must ensure that schools are in the best position possible to prevent and respond to attacks,” said bill sponsor Sen. Mark Warner, D-VA. “This legislation will put in place necessary procedures to protect our students’ data and keep sensitive information private.”