IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

ISTELive 23: How to Defend Against Cyber Attacks Like a Pro

Speaking on behalf of a consortium of ed-tech organizations called the Cybersecurity Coalition for Education, project director Frankie Jackson shared a new cybersecurity resource available to schools free of charge.

Cyber attack concept. Bright text on digital lcd display with reflection. 3D rendering.
School districts need not depend on expensive consultants or the latest and greatest technology to establish and improve a defense system against cyber attacks. A new K-12 protection framework aligned with national standards for technology is available for free, a subject-matter expert told a gathering of education technology professionals Tuesday.

Frankie Jackson, project director for a group of ed-tech organizations called the Cybersecurity Coalition for Education (CCE) and a former technology administrator for large districts in Texas, challenged audience members at the International Society for Technology in Education’s ISTELive 23 conference in Philadelphia to “defend your school like a pro.” Then, through her presentation about a new K-12 cybersecurity framework that draws from the National Institute of Standards and Technology and other sources, Jackson showed them how to do it.

The framework, listed on cybersecurityrubric.org, has been in place for about three months now, but presumably some school administrators across the nation are not aware of it. The project was prompted by feedback from ed-tech professionals who annually list cybersecurity as their most serious concern and highest priority. They also complained about the skyrocketing costs of cybersecurity insurance.

“You can throw good money after bad money at the problem, but the reality is … we need a road map of improvement starting from where we are,” Jackson said.

In addition to the rubric, CCE also published free self-assessment training and scoring guidelines, plus a certified cybersecurity evaluator program consisting of an online training module and a test to obtain credentials for $99.

CCE’s rubric outlines five function levels at which schools can assess their progress, or lack of it, in being ready for cyber attacks: (1) Initial, with little to no efforts made yet; (2) Repeatable, in which a plan is in place, but only in the early stages; (3) Defined, with a standard process in place; (4) Managed, with a well-established defense system that is proactively monitored; and (5) Optimal, indicating no improvements needed. The rubric uses 23 categories to score districts and determine their function level.

A PowerPoint slide showing a new framework for cybersecurity preparedness by the Cybersecurity Coalition for Education at the ISTELive 23 conference on Tuesday.
A PowerPoint slide outlines a new framework for cybersecurity preparedness by the Cybersecurity Coalition for Education at the ISTELive 23 conference on Tuesday.
Photo by Aaron Gifford

Since the rubric was released in March, 600 school districts completed the self-assessment trainings, and 500 more are in the process, Jackson said. So far, the average district score is 1.7, meaning schools need significant improvements in cybersecurity, she said, adding that she is optimistic that schools will approach level 3 (Defined) within the next year.

“But we would love to see some leaders that are at level 4 or level 5,” she said. “This goes on in business and industry. Why wouldn’t we do it in education?”

Keith Price, technology director for Vestavia Hills City Schools in Alabama, is among the 600 school leaders who completed the training and is using the rubric to improve school cybersecurity. His district scored a 2.5 in the self-assessments and is working toward reaching level 3. He also took the cybersecurity evaluator training and earned the credential, which will allow him to help with other evaluations at other districts. CCE encourages schools to work together in this process.

“What educator doesn’t love a rubric? What educator doesn’t love the thought of continuous improvement?” Price said. “This really gives you a model, so you know what to do to get to the next level.”
Aaron Gifford is a former staff writer for the Center for Digital Education.