Light Dark
December 29, 2021 By David Bisson 2 min read
News

Present Joe Biden signed the K-12 Cybersecurity Act into law, which lays out four objectives with the goal of strengthening the cybersecurity of the United States’ K-12 educational institutions. What do these mean for schools?

What is the K-12 Cybersecurity Act??

Introduced by U.S. Representative James R. Langevin (D-RI) as H.R.4691 in July, the K-12 Cybersecurity Act consists of four objectives.

The first aim is for the director of the Cybersecurity and Infrastructure Security Agency (CISA) to conduct a study on the cybersecurity risks confronting grades K-12 schools within 120 days of the act taking effect. As part of that study, CISA’s director will explore the challenges the education sector faces. These include securing information systems and protecting sensitive student and employee records, as well as putting cybersecurity protocols in place.

After completing the study and presenting their findings to Congress, the director will pursue the act’s second objective. CISA will publish guidelines that K-12 schools can follow to mitigate the digital risks confronting them.

Next, the director of CISA will use the survey’s findings and guidelines to develop an online training toolkit. The purpose of the resource will be to educate officials about best practices. In addition, it will provide officials with strategies that they can use to implement those guidelines.

The final objective of the K-12 Cybersecurity Act is for the director to make the findings of the study, the recommendations and the online training toolkit available to the public. They’ll be posted on the website of the Department of Homeland Security.

How to improve school cybersecurity today

As of this writing, CISA’s director still has several months to do this work. Some of those threats are already well-known, however. For instance, schools suffer from malware incidents and ransomware attacks. The logic here is that threat actors can steal K-12 schools’ data. With it, they can conduct follow-up attacks or monetize on the darknet.

Another issue with K-12 cybersecurity is that schools tend to lack cyber awareness and training. This makes it difficult for teachers and administrators to follow best practices (let alone know about them). This is even more true in an age of remote learning.

Therefore, K-12 schools can defend themselves against some of the threats discussed above by creating a security awareness training program. This program should use education modules to make people more familiar with the threats confronting them.

K-12 schools can complement those human controls with technical security measures. For example, use log monitoring and management to gain visibility over potential threats. In addition, use data backups to strengthen schools’ defenses against data destruction events such as ransomware. While the K-12 Cybersecurity Act has yet to show findings, these steps will help prepare and protect kids’ information in the meantime.

 |  |  | 
David Bisson
Contributing Editor

More from News
December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

December 23, 2024

Ransomware attack on Rhode Island health system exposes data of hundreds of thousands

3 min read - Rhode Island is grappling with the fallout of a significant ransomware attack that has compromised the personal information of hundreds of thousands of residents enrolled in the state’s health and social services programs. Officials confirmed the attack on the RIBridges system—the state’s central platform for benefits like Medicaid and SNAP—after hackers infiltrated the system on December 5, planting malicious software and threatening to release sensitive data unless a ransom is paid. Governor Dan McKee, addressing the media, called the attack…

December 16, 2024

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature