Critical Infrastructure Protection: Education Should Take Additional Steps to Help Protect K-12 Schools from Cyber Threats

Codi Saxon

What GAO Identified Federal steerage, this kind of as the Nationwide Infrastructure Defense Program (Nationwide Approach), specify the roles and duties of the Department of Homeland Security’s Cybersecurity and Infrastructure Protection Agency (CISA), the Department of Education’s Business of Harmless and Safe Universities, and the Federal Bureau of Investigation to […]

What GAO Identified

Federal steerage, this kind of as the Nationwide Infrastructure Defense Program (Nationwide Approach), specify the roles and duties of the Department of Homeland Security’s Cybersecurity and Infrastructure Protection Agency (CISA), the Department of Education’s Business of Harmless and Safe Universities, and the Federal Bureau of Investigation to guide college districts in preserving against cyber threats. These companies have delivered plans, services, and assist to guide kindergarten as a result of 12th grade (K-12) educational facilities in defending against cyber threats. Examples of these help incorporate incident response aid, network checking tools, and steering for mom and dad and students on planning for the cyber threats that pupils deal with on the internet (see table).

Federal Means for Cyberattacks on Kindergarten as a result of Grade 12 (K-12) Educational facilities

As the guide for the schooling subsector, the Division of Education is responsible for (1) developing and retaining a sector-distinct plan to deal with cybersecurity hazards at K-12 faculties, and (2) pinpointing the will need for sector-particular guidance. The Instruction Amenities approach was developed and issued in 2010. Since then, the cybersecurity dangers facing the subsector have considerably modified. Among the other issues, universities have significantly documented ransomware and other cyberattacks that can trigger important disruptions to college functions, as a result highlighting the significance of securing K-12 schools’ IT programs. According to information from K-12 Safety Details Trade, colleges publicly claimed 62 ransomware incidents in 2019, as opposed to 11 ransomware incidents claimed in 2018. Nevertheless, Education has not updated its 2010 strategy and has not identified regardless of whether sector-specific advice is required for K-12 faculties to assistance guard from cyber threats. Education officials stated that the section has not up-to-date the sector approach and not decided the require for sector-distinct steering simply because CISA has not directed it to do so. Nonetheless, as earlier stated, the division is responsible for updating its sector plan and identifying the require for guidance. As a outcome, K-12 faculties are significantly less probable to have the federal goods, companies, and help that can best enable guard them from cyberattacks.

Why GAO Did This Research

When the COVID-19 pandemic pressured the closure of faculties across the country, quite a few K-12 schools moved from in-man or woman to remote instruction, escalating their dependence on IT and making them likely far more susceptible to cyberattacks. Education and learning Services, together with K-12 faculties, is one particular of the nation’s crucial infrastructure subsectors. Numerous businesses have a position in shielding the subsector.

GAO was questioned to evaluate cybersecurity in K-12 schools. The goal of this report is to ascertain the extent that federal businesses have assisted universities in shielding them selves from cyber threats. To do so, GAO determined rules and federal direction that specify the roles and tasks of federal agencies to aid faculties in defending from cyber threats. GAO analyzed documentation of the varieties of goods and companies federal companies have in put to determine, defend, detect, respond, and get better from attacks. In addition, GAO interviewed federal officers about such items and companies they supply to K-12 universities.

Next Post

Palm Beach County's school mask mandate violates state policy, board of education rules

TALLAHASSEE, Fla. — As predicted, the Florida Board of Schooling on Thursday ruled that eight community faculty districts — such as Palm Beach County — violated state plan by mandating experience masks for students without the need of the capacity for them to opt out. The Sport College District of […]