White House Pushes Cybersecurity Defense for K-12 Schools

The Biden administration says it want to get ahead of ransomware attacks against schools before tens of millions of pupils begin resuming studies later this month.

See Also: Live Webinar | Unmasking Pegasus: Understand the Threat & Strengthen Your Digital Defense

Typically understaffed and underfunded when it comes to cybersecurity, American K-12 schools have experienced a ramp up in ransomware attacks, particularly after the novel coronavirus pandemic forced hasty adoption of remote tools for teaching. School districts in four states – Massachusetts, Michigan, Minnesota and West Virginia – had to cancel classes or close completely after a cyberattack during the last school year, the White House told reporters Sunday evening.

“We must take cyberattacks on our schools just seriously as we take physical attacks on critical infrastructure,” said Cindy Marten, education deputy secretary, during the call.

Monday should see a slew of activity aimed at making it harder for attackers to reach school networks, including establishment of a new government cybersecurity council headed by the Department of Education, whose membership will seek to coordinate activities for cyber resilience among tens of thousands of school districts. One cybersecurity researcher counted 120 publicly reported ransomware attacks during 2023 – with the total number likely to be much higher.

The Cybersecurity and Infrastructure Security Agency says it will train 300 K-12 entities over the coming school year and will conduct approximately one K-12 cyber exercise per month this year.

The agency and the Education Department will release three guidance documents outlining steps to better protect educational infrastructure. Among the recommendations are to enable multifactor authentication, use strong and unique passwords, recognize phishing attempts and keep software updated.

The Federal Communication Commission has already proposed a $200 million program to use the Universal Service Fund to strengthen the cyber defenses of school districts and public libraries.

The White House plans to highlight those commitments in a cybersecurity summit today hosted by First Lady Jill Biden, Secretary of Education Miguel Cardona and Secretary of Homeland Security Alejandro Mayorkas.

Not included on the list of activities is any new announcement of cybersecurity regulations. The Biden administration early in its tenure initiated a review of existing regulations with an eye to expanding their application to critical infrastructure sectors (see: Biden Administration Ramps Up Cybersecurity Requirements).

Officials concluded “there was limited regulatory authority” when it comes to the education sector, a senior administration official said during the Sunday press call. “We’re starting with this event, to catalyze this action,” the official said.