As cyberattacks and other external threats continue to plague K12 schools across the country, state lawmakers are stepping up to the plate to ensure student and staff data are protected against cybercriminals. Thankfully, we’re seeing a dramatic increase in attention from policymakers toward this issue. But is it enough?
A new report from the Consortium for School Networking (CoSN) offers the latest analysis of state and federal education cybersecurity bills and laws that arose in 2023. According to the data, state legislators introduced an “astounding” 250% increase in education-related cybersecurity bills, topping out at 307.
“This surge is indicative of state leaders’ heightened focus on the cybersecurity needs of the education sector coupled with their gradual exploration and adoption of a broader spectrum of policy changes,” the report declares.
However, among these bills, just 47 of them across 18 states focused solely on K12 education. Nine of these bills made the cut and were signed into law in nine states.
The authors highlighted six major themes that were central to the K12-focused cybersecurity bills introduced in 2023:
- Workforce expansion
- Technical assistance to districts
- Required curriculum
- Cyberinfrastructure funding
For example, in Michigan, lawmakers enacted Senate Bill 0173, an amendment to the State School Aid Act that allows schools to apply for grants as long as they conduct a feasibility study or analysis, which can include cybersecurity issues. It also establishes the Security Operations Center and reporting requirements that include “reporting on measurable outcomes including the response to cybersecurity incidents,” the report explains.
More from DA: 4 ways to ensure students are safe using edtech
Minnesota also enacted a law that provides funding to improve building security and cybersecurity. Schools can use these funds for cybersecurity insurance premiums.
Trends in cybersecurity policy development
Aside from these specific developments surrounding K12 cybersecurity support, the authors identified several noteworthy trends that arose in 2023:
- Cyber risk insurance funds: States created these funds for school districts to mitigate increasing insurance costs.
- Regional alliances and partnerships: Momentum has grown behind partnerships to promote information sharing and collaborative responses to cybersecurity incidents.
- Cybersecurity workshop expansion: Scholarship programs have been established to address the shortage of qualified cybersecurity experts.
- Governance enhancement: Efforts have been made to bolster governance structures to consolidate responsibility and promote prevention and response mechanisms across agencies.
- Cybersecurity task forces: Several task forces have been established to study and evaluate the cybersecurity landscape, including how artificial intelligence impacts the field.