Bill Spells Outs Steps to Help Schools With CybersecurityLegislation Introduced Following Flurry of Ransomware Incidents
Following a series of high-profile ransomware attacks and other cyber incidents over the last year, two U.S. senators have introduced a bill designed to help bolster cybersecurity for local school districts.
The bill would require the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to work with other federal departments and private sector organizations to complete a study of cybersecurity risks specific to K-12 educational institutions, including risks related to sensitive student and employee records.
The legislation also would mandate that CISA develop cybersecurity recommendations and an online toolkit to help schools improve their IT infrastructure. These voluntary tools would be made available online.
The K-12 Cybersecurity Act is co-sponsored by Gary Peters, D-Mich. and Rick Scott, R-Fla.
Addressing New Threats
When announcing their proposal Monday, the two senators noted that it’s designed to address the issues that schools districts in Louisiana, Arizona and elsewhere have faced, including increases in ransomware attacks (see: Louisiana Declares Emergency After Malware Attacks).
The July attack in Louisiana affected school systems in four parishes in the northern part of the state. Louisiana officials did not identify the malware, but one school district told local news media the attack involved ransomware.
In September, several schools in Flagstaff, Arizona, were closed after ransomware appeared in the district's network (see: Arizona School District Cancels Classes Due to Ransomware).
"Schools across the country are entrusted with safeguarding the personal data of their students and faculty, but lack many of resources and information needed to adequately defend themselves against sophisticated cyberattacks," says Peters, who is the ranking Democrat on the Senate's Homeland Security and Government Affairs Committee.
Scott, who also sits on the committee, offered his support in a tweet.
The safety of our schools is always my top priority, & that includes protecting the information of our students & teachers.— Rick Scott (@SenRickScott) December 16, 2019
Proud to sponsor the K-12 Cybersecurity Act of 2019 with @SenGaryPeters to further protect our schools and give them the resources they need to stay safe.
Increasing Ransomware Attacks
Over the last year, schools districts, as well as local and municipal governments and healthcare organizations, have seen an increase in the number of ransomware attacks that have disrupted services and put personal data at risk.
Some 86 attacks targeted universities, colleges and local school districts, with a total of 1,200 schools affected, Emsisoft says. Healthcare entities were the No. 1 target, with 759 attacked.
"Ransomware incidents increased sharply in 2019 due to organizations’ existing security weaknesses and the development of increasingly sophisticated attack mechanisms specifically designed to exploit those weaknesses," a new Emsisoft report notes. "Combined, these factors created a near-perfect storm. In previous years, organizations with substandard security often escaped unpunished; in 2019, far more were made to pay the price, both figuratively and literally."
Bill Gains Support
When the bill was introduced Monday, several educational organizations, including the National Education Association, the American Federation of Teachers, the National Association of Secondary School Principals and the Consortium for School Networking, lined up to support it.
"While technology can be a powerful classroom tool to enhance and supplement, not supplant, student learning and the work of educators, strict, enforceable privacy safeguards are so important to make sure our schools remain safe from cyber threats like data breaches, ransomware and email scams," says Randi Weingarten, president of the American Federation of Teachers.
The Senate bill to bolster local school security is similar to another bill making its way through the House called the State and Local Government Cybersecurity Improvement Act, according to a report in The Hill.