WASHINGTON, D.C. – Legislation authored by U.S. Senator Gary Peters (D-MI), Chairman of the Homeland Security and Governmental Affairs Committee, to enhance cybersecurity assistance to K-12 educational institutions across the country has passed the Senate. Schools are responsible for securing a considerable amount of sensitive records related to their students and employees, including student grades, family records, medical histories, and employment information. The bill, which the Homeland Security and Governmental Affairs Committee advanced last month, will help educational institutions bolster their cybersecurity protections by instructing the Cybersecurity and Infrastructure Security Agency (CISA) to examine the risks and challenges that schools face in securing their systems. Using their findings, CISA is charged with creating cybersecurity recommendations and other voluntary resources for schools to use when implementing their cybersecurity solutions. The legislation now heads to the U.S. House of Representatives.
“Increasing ransomware attacks against our K-12 schools are unacceptable and place children, faculty and staff at risk. Unfortunately, many school districts that store valuable personal information currently lack the means to defend themselves against complicated cyber-attacks and ensure their networks are protected,” said Senator Peters. “I’m pleased this bipartisan legislation has passed the Senate. I urge my colleagues in the House to quickly pass this legislation so we can safeguard students and help our dedicated educators and school administrators deter network breaches and ensure that criminals are not able to steal sensitive personal information.”
Cyber-attacks on schools increased over the past year as Americans’ daily lives and classrooms moved online during the pandemic, including attacks against schools in Michigan. In one attack on Walled Lake Consolidated Schools, hackers successfully accessed records and posted information online. In 2018, Johannesburg-Lewiston Area Schools in Michigan were targeted by a malicious ransomware attack that temporarily shut down the district’s systems.
The K-12 Cybersecurity Act directs DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to work with teachers, school administrators, other federal departments and private sector organizations to complete a study of cybersecurity risks specific to K-12 educational institutions, including risks related to securing sensitive student and employee records and challenges related to remote-learning. Following the completion of that study, the bill directs CISA to develop cybersecurity recommendations and an online toolkit to help schools improve their cybersecurity hygiene. These voluntary tools would be made available on the DHS website along with other DHS school safety information.
The K-12 Cybersecurity Act has been endorsed by the Michigan Association for Computer Users in Learning, Consortium for School Networking, School Superintendents Association, National Association of Secondary School Principals and the American Federation of Teachers.