Policy Insights: White House Cybersecurity Summit for K-12 Schools

The White House hosted the “Cybersecurity Summit for K-12 Schools” this afternoon:

As part of the effort, resources committed to strengthening the cybersecurity of the nation’s K-12 school systems include the following:

• The FCC is proposing establishing a pilot program under the Universal Service Fund to provide up to $200 million over 3 years to strengthen K-12 cyber defenses.
• The Department of Education will establish the GCC to coordinate activities, policy and communications between, and amongst, federal, state, local, tribal and territorial education leaders.
• CISA is committing to provide tailored assessments, administering exercises and offering cybersecurity training for 300 new K-12 entities over the coming school year.

Additionally, several education technology providers are committing to providing free and low-cost resources to school districts. A few include:

• Amazon is committing $20 million for a K-12 cyber grant program, free security training, no-cost cyber incident response assistance and free security reviews to education technology companies providing mission-critical applications to the K-12 community.
• Google released an updated “K-12 Cybersecurity Guidebook” for schools on the most effective steps education systems can take to ensure the security of their hardware and software applications.
• Cloudflare will offer a suite of free Zero Trust cybersecurity solutions to public school districts under 2,500 students.

Policy Insights:

Allen Drennan, Co-Founder & Principal, Cordoniq:

“As part of an overall strategy for cyber defense for K-12 schools, districts need to consider taking control over their implementation of both their LMS (learning management systems) and their virtual meeting solution. This is a necessity for controlling available, uptime and scale and handle issues related recovery management and for providing higher security standards and data privacy protection for students and teachers. Solutions that rely solely on cloud-based providers outside of control of the school district are subject to outages, availability concerns and malicious cyber threats.”

Emily Phelps, Director, Cyware:

“Since adopting digital technologies to adapt to a post-Covid world, securing public schools has become more challenging and more critical. We’re encouraged by the Department of Education’s announcement around strengthening cybersecurity resilience for K-12 entities. Working with CISA to develop practical, actionable guidelines and partnerships with private entities that can bolster K-12 public education’s defenses reinforces the commitment this administration has made to cybersecurity at federal and local levels. Collaboration and collective defense strategies are increasingly important to our public entities and citizenry, and as private-public partnerships garner attention and success, we hope these examples will motivate similar action.”

Carol Volk, EVP, BullWall: (she/her)

“Google and the social media giants should be pumping money into K-12 cyber defenses and education, as they are as much the cause of this firestorm of malicious hacking as they are the benefactors of the younger generations embrace of 24-7 connectivity. With congress tightly focused on the responsibility these companies bear from social media fallout, we can expect these giants to be paying attention to this problem area.”

Ani Chaudhuri, CEO, Dasera

“The recent initiative by the Biden-Harris Administration to bolster cybersecurity in our K-12 schools is a commendable and urgently needed step. The surge in cyberattacks targeting the institutions that shape our future leaders has highlighted an alarming vulnerability. Imagine a nation where school districts are routinely disrupted, and the sensitive data of our children is compromised and auctioned off to the highest bidder.

In the 2022-23 academic year alone, we’ve seen significant cyberattacks on K-12 school districts that have compromised the personal data of students and employees. This isn’t just about data; it’s about our children’s future, their privacy, and the trust they place in the education system.

It’s heartening to see the federal government respond with vigor. The proposed pilot program, the collaboration between different governmental bodies, and the available resources to strengthen cybersecurity infrastructure are steps in the right direction. And while the involvement of education technology giants such as AWS, Google, and others is promising, it’s crucial to ask ourselves if it’s enough.

The real challenge is ensuring these policies and programs aren’t just reactive. We must be proactive, looking ahead to anticipate and thwart future cyber threats. Collaboration between public and private sectors should be constant, not just when disaster strikes. We must understand that the next generation’s education is now intrinsically linked with cybersecurity, and there is no room for complacency.

The increased attention to cybersecurity in our education system is a clear signal of our times. We need to instill a culture of cybersecurity from the classroom to the boardroom. Let’s not wait for another breach to shake us into action. The safety of our nation’s future is at stake.”