CISA Helps Schools Strengthen Cybersecurity Efforts

Posted on May 22, 2023

Patrick Massey, CISA Region 10 Regional Director, CISARegion10@nullcisa.dhs.gov

The relationship Americans have with the schools their children attend has changed dramatically over the last few years. Now, parents and students alike are interacting online with schools and teachers in a variety of new ways.

From online grading and information on class assignments, to instructor communication and scheduling classes, we have never been more electronically connected to our schools, creating great conveniences.

While these advances have made education more accessible and effective, malicious cyber actors are hard at work trying to exploit vulnerabilities in these systems.

It’s a new challenge facing school administrators and school board members that could have far-reaching negative impacts if not addressed BEFORE a cyberattack occurs.

As elected school board members, you have the vital task of representing your respective communities to ensure children have access to the best education. But there is also the responsibility of a vast array operational issues – personal data safety and information technology security being some of the most important.

Schools are particularly exposed to cyberattacks and are an especially lucrative and vulnerable target given the presence of sensitive student and staff data. A cyberattack can immediately cripple a school and halt the education of our children. Impacts from cyberattacks have ranged from restricted access to networks and data, delayed exams, canceled school days, and unauthorized access to personal information of students and staff.

The Cybersecurity and Infrastructure Security Agency (CISA) has developed resources to help K-12 schools and school districts address cybersecurity risks. We also offer simple steps school leaders at all levels can take to strengthen their cybersecurity efforts. This includes school board members, administrators, principals, and teachers.

CISA recognizes that many K-12 entities don’t often have the resources needed to defend themselves from cyber threats, like ransomware attacks. They are what we refer to as “target rich and cyber poor.”

To address these issues, CISA provides three recommendations to help K-12 leaders build, operate, and maintain resilient cybersecurity programs:

Invest in the most impactful security measures and build toward a mature cybersecurity plan. See: Cross-Sector Cybersecurity Performance Goals | CISA
Recognize and actively address resource constraints.
Focus on collaboration and information-sharing. Consider joining the Multi-State Information Sharing and Analysis Center: MS-ISAC (cisecurity.org)

Additionally, CISA recently released a report, “Partnership to Safeguard K-12 Organizations from Cybersecurity Threats,” with an accompanying toolkit to give schools targeted resources to improve their cybersecurity.

The report provides recommendations and resources to help K-12 schools and school districts effectively reduce their cyber risk. This information is also critical to school board members to support their information technology staff who are working to improve resiliency against cyber intrusions.

The toolkit aligns resources and materials to each of CISA’s three recommendations along with guidance on how schools can implement each recommendation based on their current need. The toolkit also details free cybersecurity trainings and resources available for the K-12 community.

This report is only a starting point. CISA will continue to engage with federal partners, including the U.S. Department of Education, and work closely with state and local officials, school leaders, and the private sector to identify areas for progress and provide meaningful support that measurably reduces risk.

We hope that leaders in the K-12 community – including superintendents, district and school administrators, school boards, and state policymakers – will take advantage of this report and toolkit to better understand their cyber risks and take basic steps to reduce that risk.

There is no more important institution to the future prosperity and strength of the United States than our nation’s K–12 education system. CISA stands ready to partner with schools to improve your cyber defenses and resiliency.

For more information or assistance, please contact the Northwest regional office for CISA at CISARegion10@nullcisa.dhs.gov.

CISA, Cybersecurity and Infrastructure Security Agency, Guest Column, K-12 cybersecurity, Partnership to Safeguard K-12 Organizations from Cybersecurity Threats, Patrick Massey