K12 edtech providers urged to provide better built-in security

"We need to address K12 cybersecurity issues at its foundation by ensuring schools and administrators have access to technology and software that is safe and secure right out of the box," CISA Director Jen Easterly in a statement. 

The pandemic brought forth an incredible surge of education technology tools and opportunities that seek to enhance student learning and promote classroom engagement. However, such innovations have unintentionally opened the doors for dangerous cyber criminals to retrieve sensitive student and staff data, a trend we’ve seen unfold over the past few years. Now, one organization seeks to hold edtech providers accountable for creating safe and secure products for their users.

The Cybersecurity and Infrastructure Agency announced on Tuesday a voluntary pledge for K12 education edtech providers to commit to creating products with better security in mind for users.

“We need to address K12 cybersecurity issues at its foundation by ensuring schools and administrators have access to technology and software that is safe and secure right out of the box,” CISA Director Jen Easterly in a statement.

Several leading edtech providers have already signed the pledge, including PowerSchool, Clever, D2L and ClassLink, Instructure and GG4L.

“Our pledge commitments that we made are part of our ongoing efforts to help our customers and partners mitigate cybersecurity threats,” John Baker, CEO of D2L wrote. “Together, we can work to protect our K12 schools, educators, students, and their families, freeing them to focus on what matters most: teaching and learning.”

Companies that sign the pledge agree to adopt the three principles advised in CISA’s call to action:

  1. Take ownership of customer security outcomes
  2. Embrace radical transparency and accountability
  3. Lead from the top by making secure technology a key priority for company leadership

“We need all K12 software manufacturers to help us improve cybersecurity for the education sector by committing to prioritize security as a critical element of product development,” Easterly said.

More from DA: 10 reasons school communicators are quickly becoming leaders in their districts

The announcement comes just weeks after the White House’s first-ever summit addressing the ransomware crisis that plagues K12 education. Los Angeles Unified School District Superintendent Alberto Carvalho spoke at the event and shared some of what he learned from his own district’s experience navigating a high-profile ransomware attack.

“We don’t negotiate with terrorists,” he said. “We did not pay the ransom.”

The Associated Press also recently published a report revealing how serious the events that follow a major cyber attack are. At their worst, such attacks often expose confidential documents belonging to students and staff on the dark web that detail sensitive information, including “sexual assaults, psychiatric hospitalizations, abusive parents, truancy—even suicide attempts,” wrote AP’s Frank Bajak.

“If we want to safeguard our children’s futures we must protect their personal data,” said first lady Jill Biden, who is also a teacher, at the White House summit. “Every student deserves the opportunity to see a school counselor when they’re struggling and not worry that these conversations will be shared with the world.”

Micah Ward
Micah Wardhttps://districtadministration.com
Micah Ward is a District Administration staff writer. He recently earned his master’s degree in Journalism at the University of Alabama. He spent his time during graduate school working on his master’s thesis. He’s also a self-taught guitarist who loves playing folk-style music.

Most Popular