IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

House Bill Urges More Funding and Data on K-12 Cybersecurity

The Enhancing K-12 Cybersecurity Act hopes to bolster funding for school cybersecurity, as well as federal data tracking of cyber crimes amid an increase in ransomware and phishing incidents in schools.

House of Representatives
Education policy advocates have continued pushing for additional federal resources geared toward bolstering K-12 cybersecurity following a record-breaking year for cyber attacks against public school districts, where officials have poured billions into new devices needed for virtual learning.

To help address new vulnerabilities that have come with the digital transformation happening in education, Reps. Doris Matsui, D-CA; Jim Langevin, D-RI; John Katko, R-NY; and Andrew Garbarino, R-NY, reintroduced the Enhancing K-12 Cybersecurity Act on June 17 to increase federal funding for K-12 cybersecurity efforts and to better track cyber incidents in schools.

The legislation, first created and introduced by Matsui last year, would direct the Cybersecurity and Infrastructure Security Agency (CISA) to establish a cybersecurity incident registry to track cyber crimes against elementary and secondary schools, as well as a cybersecurity information exchange program to provide schools with grant opportunities and information on best IT practices moving forward. The bill also asks for $10 million in annual funding for a K-12 Cybersecurity Technology Improvement Program led by CISA to strengthen schools' IT security protocols.

“Cyber attacks targeting schools have already forced class cancellations and exposed students’ sensitive personal information. As cyber criminals grow more sophisticated and aggressive, we must provide the resources and information necessary to protect our schools,” Matsui said in a public statement.

Ed-tech policy organizations have pushed for additional federal funding and regulations in K-12 cybersecurity over recent months as public education policymakers continue investing billions for new devices and Internet connectivity for remote and hybrid learners. At the same time, several schools have expressed staffing concerns related to IT security, according to recent surveys.

Matsui's legislation was endorsed by the National Association of Secondary School Principals, National Association of Elementary School Principals, National Association of State Chief Information Officers, State Educational Technology Directors Association (SETDA) and Consortium for School Networking (CoSN), among others.

Little has been done so far to stop the onslaught of ransomware and phishing attacks against schools that continue to increase in frequency and severity, according to CoSN CEO Keith Krueger.

“Policymakers are not doing enough to help school districts strengthen their cyber defenses. We cannot simply study the problem and talk about it,” Krueger said in an email to Government Technology. “Unfortunately, Congress and the FCC have failed to take any steps to help school systems.”

SETDA Executive Director Julia Fallon said that while schools have made “great strides” to provide connectivity and devices to students, cybersecurity remains a key digital equity issue.

She said lawmakers have been "too slow to react" to the issue, adding that “Congress needs to act this year.”

“Less affluent districts are particularly vulnerable to cyber attacks because they more often lack the personnel and technology solutions required to protect their networks and confidential student data,” she said in an email.

“A significant issue is the vast underreporting of data security incidents which stem from an aversion to sharing, collaboration around problem-solving and implementing best cybersecurity practices.”

The bill was announced shortly after Sen. Gary Peters, D-MI, introduced S 1917, which seeks a detailed study to further gauge K-12 cybersecurity risks throughout the nation. Matsui's legislation joins more than 100 other cybersecurity-related bills introduced in the 117th Congress, and after Senate Majority Leader Chuck Schumer initiated a review of ransomware attacks that have increased in both the public and private sectors during the pandemic.

Krueger said the recent slew of proposals should work together as part of a concerted federal effort to address cybersecurity shortfalls in public education, which the FBI considers the most targeted public sector for cyber attacks.

Earlier this year, the consortium also submitted a petition asking the Federal Communications Commission to invest more than $2 billion in annual funding through the FCC’s E-rate program devoted to K-12 cybersecurity.

“Complex challenges like cybersecurity require multiple strategies. There are many ideas pending, and that's appropriate as legislators work to find the right mix of strategies to help schools,” Krueger said, adding that Matsui’s bill would address “a lack of a coordinated response, poor information sharing and insufficient funding.”
Brandon Paykamian is a former staff writer for the Center for Digital Education.