(TNS) — The U.S. Department of Education is collaborating with the Center for Long-Term Cybersecurity at the University of California, Berkeley, in an effort to strengthen collaboration between education technology vendors and cybersecurity experts in schools.
The goal: to stem the tsunami of attacks against school districts that increasingly stem from the platforms, applications, and other technologies schools use to teach, learn, and operate.
The initiative, known as the Partnership for the Advancement of Cybersecurity in Education (PACE), will bring together cybersecurity experts and education technology vendors for a summit in October.
“By integrating the expertise of cybersecurity experts and the innovation of leading education technology vendors, we are able to identify cyber vulnerabilities before they lead to ransomware attacks that disrupt student learning, school operations, and compromise sensitive student data.” ” said the U.S. Deputy Secretary. Education Secretary Cindy Marten said in a statement. “This partnership will develop actionable insights to ensure educational tools are not only effective but also safe, and strengthen the resiliency of the education technology sector.”
Cyberattacks, which can cost school districts millions of dollars and cause them to lose days or weeks of learning time, are an increasingly serious problem for school districts.
According to a survey of IT professionals last year by cybersecurity firm Sophos, 80% of K-12 schools have been targeted by ransomware in the past year. This is a higher percentage than any other industry surveyed, including healthcare and financial services.
Additionally, educational technology leaders across the country recently ranked cybersecurity as a top priority for the seventh consecutive year in a survey of 980 K-12 technology professionals conducted by the Consortium for School Networking (CoSN). I mentioned it.
The problem has become even more acute as school districts across the country implement new education technology tools, including to enable virtual learning during the pandemic. The introduction of new platforms and products has made districts increasingly vulnerable to attack.
In fact, 55% of data breaches in K-12 schools from 2016 to 2021 were carried out using education technology vendors, according to data provided by the department. This included attacks on large, resource-rich districts, such as New York City's public schools.
The PACE Initiative's October event will include a discussion of the so-called “Secure by Design Principles.” This principle requires products and applications to include features such as multi-factor authentication and single sign-on as standard practice and at no cost. Additional costs to the district.
This event will also explore other long-term solutions to common product vulnerabilities.
“PACE aims to shift some of the burden of cyber risk management from school district leaders to the leading education technology providers whose systems districts rely on every day for teaching, learning, and operations. ,” said program director Sarah Poisek. The Long-Term Cybersecurity Center for Public Interest Cybersecurity said in a statement. “K-12 leaders will play an important advisory role by highlighting cybersecurity issues and reviewing recommendations that emerged from PACE events.”
Educators interested in learning more can email pace@berkeley.edu for information.
Various efforts to combat cyber attacks against schools
This is not the department's only recent effort to combat cybercrime in schools.
In March, the agency launched a council to help K-12 schools strengthen their cybersecurity practices.
Other federal agencies responsible for internet connectivity in schools also consider cybersecurity a top concern.
Federal Communications Commission Chairwoman Jessica Rosenworcel has proposed a pilot program that would provide up to $200 million in competitive grants over three years to protect schools and libraries from increasingly sophisticated cyber threats. did.
But the federal government didn't always pay that much attention to the issue. A 2022 report from the Government Accountability Office found that the federal government, including the Department of Education, largely failed to take several key steps to help schools prevent, plan for, and respond to these attacks. did.
CoSN chief executive Keith Krueger praised the department's direction.
“It seems like a great idea to get technical support from companies” when it comes to cybersecurity, he said. “There are a lot of startups that need help in this space.”
Doug Levin, co-founder and national director of K12 Security Information Exchange, agreed.
“There is no question that for an under-resourced school system focused on its supply chain, the vendors it relies on for everything in the back office, not just the classroom, are smart and important.”
And he liked that edtech companies could opt into the conversation. “I think it's very appropriate to start with a voluntary initiative like this,” he said.
But he cautioned that stopping attacks on vendors will not be easy. “Only the weakest link in the chain” is needed to cause an attack.
Joon Kim, director of technology at Moore Public Schools in Oklahoma and leader of Education Week, is optimistic that this initiative will get edtech companies on the same page when it comes to cybersecurity.
“I hope these companies get over the 'mine, own' mentality and say, 'We're actually going to do something about it,' and shake hands with other companies and make that happen.” I hope we can find a place where we can meet and say, “This is the standard.'' ” I hope they can get there.
©2024 Education Week (Bethesda, Maryland). Distributed by Tribune Content Agency, LLC.
