A school cybersecurity plan required by legislation co-sponsored by Congresswoman Elissa Slotkin has been released.
The Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released their strategy for schools to ramp up their cybersecurity protocols. The report was a requirement of the K-12 Cybersecurity Act, a bipartisan bill led by Rep.Slotkin (D-Lansing) that was signed into law in 2021.
Following the report’s release, Slotkin issued a statement saying she was pleased to see CISA begin implementing the legislation.
“These days, schools are often on the front lines for these threats, and it’s more important than ever that we give them the tools they need to stay protected,” said Slotkin. “This report gives us an important roadmap for securing school networks and data, but we know there is more work to do. In the new Congress, I’m looking forward to working with my colleagues from both parties to find new, creative solutions for keeping our schools and students safe from emerging cyber threats.”
Slotkin says there is an urgent need to protect schools from the threat of cyber attacks and the legislation is designed to increase coordination between schools and CISA.
It also directs the agency to work with teachers, school administrators, and experts in cybersecurity for education to:
• Conduct a study on cybersecurity risks facing K-12 institutions, including securing sensitive student/employee records, cybersecurity challenges stemming from remote learning, and how to make cybersecurity more accessible to schools;
• Release an online training toolkit for K-12 institutions.
The report also makes several recommendations including:
• CISA encourages K-12 organizations to start with a “small number of prioritized investments,” like setting up multi-factor authentication, creating and testing an incident response plan and implementing cybersecurity training.
• The report challenges K-12 administrators and superintendents to prioritize cybersecurity and go the extra mile to “securing necessary resources” — including seeking out grant funding or creating better deals with technology vendors.
• School districts should also join threat intel-sharing organizations, such as the K-12 Security Information eXchange and the Multi-State Information Sharing and Analysis Center, where groups trade information about the threat actors targeting their networks.