White House Pushes Cybersecurity Defense for K-12 Schools
Educators Gird for Fresh Ransomware Attacks as Students Set to Return to School
The Biden administration says it wants to get ahead of ransomware attacks against schools before tens of millions of pupils resume studies later this month.
Typically understaffed and underfunded when it comes to cybersecurity, American K-12 schools have experienced a ramp-up in ransomware attacks, particularly after the novel coronavirus pandemic forced hasty adoption of remote tools for teaching. School districts in four states - Massachusetts, Michigan, Minnesota and West Virginia - had to cancel classes or close completely after a cyberattack during the last school year, the White House told reporters Sunday evening.
"We must take cyberattacks on our schools just as seriously as we take physical attacks on critical infrastructure," said Cindy Marten, education deputy secretary, during the call.
On Monday there should be a slew of activity aimed at making it harder for attackers to reach school networks, including establishment of a new government cybersecurity council headed by the Department of Education, whose membership will seek to coordinate activities for cyber resilience among tens of thousands of school districts. One cybersecurity researcher counted 120 publicly reported ransomware attacks during 2023 - and the total number is likely to be much higher.
The Cybersecurity and Infrastructure Security Agency said it will train 300 K-12 entities over the coming school year and will conduct approximately one K-12 cyber exercise per month this year.
The agency and the Education Department will release three guidance documents outlining steps to better protect educational infrastructure. The recommendations include enabling multifactor authentication, using strong and unique passwords, recognizing phishing attempts and keeping software updated.
The White House plans to highlight those commitments in a cybersecurity summit today hosted by First Lady Jill Biden, Secretary of Education Miguel Cardona and Secretary of Homeland Security Alejandro Mayorkas.
Not included on the list of activities is any new announcement of cybersecurity regulations. The Biden administration early in its tenure initiated a review of existing regulations with an eye to expanding their application to critical infrastructure sectors (see: Biden Administration Ramps Up Cybersecurity Requirements).
Officials concluded "there was limited regulatory authority" when it comes to the education sector, a senior administration official said during the Sunday press call. "We're starting with this event, to catalyze this action," the official said.