The U.S. Department of Education is working with the University of California, Berkeley's Center for Long-Term Cybersecurity to strengthen collaboration between educational technology vendors and cybersecurity experts in schools.
Goal: Stop the tsunami of attacks School districts increasingly rely on the platforms, applications, and other technologies that schools use to teach, learn, and operate.
The initiative, known as the Partnership for the Advancement of Cybersecurity in Education (PACE), will convene a summit of cybersecurity experts and education technology vendors in October.
“By integrating the expertise of cybersecurity experts and the innovation of leading education technology vendors, we are able to address cyber vulnerabilities before they lead to ransomware attacks that disrupt student learning, school operations, and compromise sensitive student data.” ” said the U.S. Deputy Secretary. Education Secretary Cindy Marten said in a statement. “This partnership will generate actionable insights to strengthen the resilience of the edtech sector and ensure that our educational tools are not only effective, but also safe.”
Cyberattacks are an increasingly serious problem for school districts, potentially costing school districts millions of dollars and days or weeks of lost learning time.
According to a survey of IT professionals conducted last year by cybersecurity firm Sophos, 80% of K-12 schools have been targeted by ransomware in the past year.. This is a higher percentage than any other industry surveyed, including healthcare and financial services.
Additionally, educational technology leaders across the country recently ranked cybersecurity as a top priority for the seventh year in a row in a survey of 980 K-12 technology professionals. Delivered by the Consortium for School Networking (CoSN).
The problem has become even more acute as school districts across the country deploy new education technology tools, including to enable virtual learning during the pandemic. The introduction of new platforms and products has made districts increasingly vulnerable to attacks.
In fact, 55% of data breaches in K-12 schools from 2016 to 2021 were carried out using education technology vendors, according to data provided by the department. This included attacks on large, resource-rich districts, such as New York City's public schools.
The PACE Initiative's October event will include a discussion of the so-called “Secure by Design Principles.”” requires that products and applications include features such as multi-factor authentication and single sign-on as standard practice at no additional cost to school districts.
This event will also explore other long-term solutions to common product vulnerabilities.
“PACE will help reduce and shift some of the burden of cyber risk management from school district leaders to the primary education technology providers whose systems districts rely on every day for teaching, learning, and operations. “We aim to do that,” said Sarah Poisek, PACE program director. The Long Term Cyber Security Center for Public Interest Cybersecurity said in a statement. “K-12 leaders play an important advisory role by highlighting cybersecurity issues and vetting recommendations that emerge from PACE events.”
Multiple initiatives to counter cyberattacks on schools
This is not the department's only recent effort to combat cybercrime in schools.
The agency launched a council in March. We help K-12 schools strengthen their cybersecurity practices.
Other federal agencies responsible for internet connectivity in schools also consider cybersecurity a top concern.
Federal Communications Commission Chairwoman Jessica Rosenworcel proposed a pilot program Competitive grants of up to $200 million over three years will be awarded to protect schools and libraries from increasingly sophisticated cyber threats.
But the federal government didn't always pay that much attention to the issue.Government Accountability Board 2022 Report It found that the federal government, including the Department of Education, had largely failed to take several important steps to help schools prevent, plan for, and respond to such attacks.
CoSN Executive Director Keith Krueger praised the department's direction.
“It seems like a great idea to get technical support from companies” when it comes to cybersecurity, he said. “There are a lot of startups that need help in this space.”
Doug Levin, Co-Founder and National Director, K12 Security Information Exchangeagreed.
“There is no question that for under-resourced school systems focused on supply chain, the vendors they rely on for everything in the back office, not just the classroom, are smart and important.”
And he liked that edtech companies could opt into the conversation. “I think it's very appropriate to start with a voluntary initiative like this,” he said.
But he cautioned that stopping attacks on vendors will not be easy. “Only the weakest link in the chain” is needed to cause an attack.
Jun Kim, Director of Technology and Education Week Leader at Moore Public Schools, Oklahoma.is optimistic that this initiative will get edtech companies on the same page when it comes to cybersecurity.
“If these companies get past the 'mine, mine' mentality and say, 'We're actually going to do something about it,' they can shake hands with other companies and have that encounter. I hope we can find a place where we can say, “This is the standard.'' ” I hope they can get there. I think that will happen. ”
