In early August, the White House and the Department of Education announced a federal effort to bolster K-12 cybersecurity at a summit and not a moment too soon. Shortly after the announcement, the New Haven Connecticut public schools suffered a $6 million breach as the email of one of the school officials was compromised. Schools are known to have a lot of sensitive data that is marketable on the dark web. Hackers also know that many schools do not have sufficient resources, both in staff and dollars, to adequately mitigate the risks.
The ransomware attack at the Los Angeles Unified School District (LAUSD) last year showed that even with staff who are trained and tools to help prevent vulnerabilities, a school can still be compromised, and the damage can be severe. Learning from others who have lived through these events is paramount. The Superintendent of LAUSD participated in the recent summit and shared some sage advice of best practices for protecting schools. One in particular is maintaining a “rolodex of influencers” and ensure you call the FBI. Ensure that your emergency contacts include all cybersecurity experts that can help you manage a crisis. According to Paul Abbate, the deputy director of the FBI, you need the help of federal defenses to fight cybercriminals so the list should include the FBI. Other agencies are getting involved including the Education and Homeland Security departments, the CISA, the Federal Communications Commission and the White House.
The White House announced that several government agencies are stepping up to help. The Federal Communications Commission (FCC) is proposing a pilot program that would provide up to $200 million over three years for strengthening cybersecurity defenses. The money would be allocated from the Universal Service Fund which has been used in part to provide internet access to schools. The Cybersecurity and Infrastructure Security Agency (CISA) also plans to help train and assess cybersecurity practices at 300 new “K-12 entities” in the upcoming school year. Both the Federal Bureau of Investigation and National Guard Bureau will release new resources explaining how to report cybersecurity incidents.
The summit also resulted in other education technology companies committing to increasing their security posture and support for schools. Cloudflare, which is an IT service management firm, is offering free tools to help small school districts with minimizing cyber risks. PowerSchool, Google, and D2L indicated that their companies are taking steps to prevent malicious cyber activities as part of the White House efforts. Lastly, Amazon Web Services announced it will provide $20 million in grants to districts and state education agencies for cyber skill-building, along with free security reviews. The grant application is open through December 31, 2023. For more information about the grant click here.
Shari Diamond, CIA
Partner
Shari has been with Cerini & Associates, LLP since 2008 where she works primarily with the firm’s school district clients providing internal audit and claims audit services. She has over twenty years’ experience performing internal audits, risk assessments, and compliance reviews, as well as recommending processes to strengthen the internal controls environment while increasing efficiencies. Her prior experience at PWC and Northrop Grumman included performing Information Technology audits.