IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Q&A: Feds ‘Finally’ Get Serious About K-12 Cybersecurity

CoSN board chair Diane Doersch, also senior IT director for Digital Promise, says ed-tech leaders were relieved at the White House’s recent announcement, but school districts need to enact policies and train staff.

Aerial view of a bunch of people sitting in a circle at a table with laptops in front of them, with only their arms and laptops visible in the image. In the center of the image it says "cybersecurity."
Shutterstock
As both the senior IT director for the nonprofit Digital Promise and board chair for the Consortium for School Networking, Diane Doersch has heard her share of overtures about school cybersecurity, but this time she’s optimistic.

At an Aug. 7 summit in Washington, D.C., Doersch saw the U.S. Department of Education and the White House announce a K-12 federal cybersecurity resilience program that will include $200 million in grants over a three-year period for cybersecurity fortification measures, training and assessments of K-12 entities, plus a variety of other free resources for schools and public libraries. The department is in the process of creating a Government Coordinating Council to work with local, state, tribal and territorial governments, which in turn will establish further plans to help schools protect themselves from cyber attacks.

Through her work with CoSN and Digital Promise, Doersch has spent years educating K-12 communities with tight budgets and limited resources on how to work together and promote responsible digital citizenship among administrators, teachers and students. Doersch is well-entrenched in this realm but has never witnessed a cybersecurity initiative of this magnitude before.

She discussed her experience with Government Technology on Wednesday. Her responses have been edited for length and clarity.

Q: Describe the vibe in the nation’s capital when this announcement was made.

A: It was so cool to see so many education technology leaders. I feel like everyone was saying thank goodness that this has reached the level that it has. This issue finally got the attention it deserved. Even the FBI and Homeland Security were there. All of the important agencies that needed to be there were there.
Diane Doersch
Photo courtesy of CoSN website
Q: What do you think are the most important provisions of this resilience program?

A: Education of our leaders. I come from an IT lens. The No. 1 concern is cybersecurity. We have really worked hard to point them to resources. We can’t stop there. Boards of education and superintendents need to know how important this is and demand that their school district establish a cyber resilience plan. Giving them the tools to practice incident response to an attack is just as important as practicing for fire drills or active shooters. We need to take that same approach. Our bad actors are getting so good at being sneaky. They’re even doing it by text now. Districts will know how to get help protecting themselves now and can build a culture around cybersecurity and digital safety.

Q: What do schools need to do to get on board?

A: Start with school district policy. Write a cybersecurity policy to commit to doing something and following through with that policy. Take a look at all the communities your district serves — students, parents, staff members, administrators and the community at large. All the resources that can help them are in one place now under this centralized program.

Q: You are from Wisconsin and spent a lot of time in rural communities. Do you have concerns about reaching the smallest districts?

A: Absolutely. There are schools where the director of technology might also be the math teacher. But I have also witnessed that superintendents are quite aware of threats, but the state level of support is going to be very important with this. Making sure that even the smallest of school districts get this help is really important, and I think this [program] has a system in place to reach everyone.

Q: In your experience, how can K-12 schools improve in the area of cybersecurity?

A: Basic education. Require some instruction for every grade like they are doing in North Dakota. But everyone needs to know about these things — parents, senior citizens even. There has to be a public awareness campaign, so everyone gathers around that topic and works together.

Q: What types of legislation or policies would you like to see at the federal level with respect to cybersecurity in schools?

A: We’ve got some great models in North Dakota. Legislation is really tough, because some people like to let school districts do their things. Finding those happy mediums is a way to go. I like the state approach. We’ve got legislation that says you have to do a fire drill once a month. Why can’t we do that with a cyber attack incident response?
Aaron Gifford is a former staff writer for the Center for Digital Education.