To keep up with a surge of attacks, the US Department of Education and Department of Homeland Security (DHS) were encouraged this week to quickly tighten cybersecurity measures at K-12 schools across the country.
Senators Maggie Hassan (D-NH), Jacky Rosen (D-NV), Kyrsten Sinema (D-AZ), and Chris Van Hollen (D-MD) have issued the call to action. It was triggered by a report published on Friday by the Government Accountability Office (GAO), which found the Education Department’s existing strategy for dealing with K-12 school threats to be severely outdated and primarily focused on reducing physical threats.
According to the four US Senators, K-12 schools are increasingly being targeted by various adversaries due to the fast emergence of ransomware. A database of publicly reported cybersecurity incidents reveals nearly three times as many incidents in K-12 schools in 2019 as there were in 2018, with an additional 18% increase in 2020 over 2019. Ransomware strikes on school systems in New Hampshire, Nevada, Arizona, and Maryland are among the cases.
As per Emsisoft threat researcher Brett Callow, ransomware operations have impacted education at around 1,000 universities, colleges, and schools since the beginning of the year, putting the impact of ransomware on US educational facilities in 2021 in context. While the figure is lower than in 2020 (when 1,681 educational institutions were hacked), ransomware attacks have primarily targeted smaller school districts this year.
The GAO discovered that the two federal agencies had given K-12 schools programs, services, and support (such as incident response assistance, network monitoring tools, and parental and student advice) to help them protect themselves against these continuous threats. However, as seen by the rising number of successful cybersecurity incidents affecting K-12 schools, K-12 education needs further help.
The senators further said that they completely agree with the GAO’s suggestions that the Department of Education updates the Education Facilities subsector-specific plan and consider if subsector-specific advice is needed. It’s pleasing to see that the Department of Education agreed with the proposal.
The two agencies were also advised to form an education facilities coordination council to promote improved cooperation between federal, state, local, and private sector organizations that serve K-12 schools. Senators claim that this would boost their defenses against cyberattacks, similar to what happened in the Election Infrastructure subsector.