3 best practices from the White House K-12 cybersecurity summit
Home/CyberSecurity / 3 best practices from the White House K-12 cybersecurity summit
3 best practices from the White House K-12 cybersecurity summit

WASHINGTON — When a ransomware attack hit the Los Angeles Unified School District at the start of the 2022-23 school year, the country's second-largest school system had "above average" defenses, including trained staff, assurances that ed tech companies would not put student data at risk, and tools to help prevent vulnerabilities, said Superintendent Alberto Carvalho. 

But what the district did not have was a "Rolodex of influencers" — or cybersecurity experts — whom the district had built relationships with, Carvalho said during the K-12 cybersecurity summit at the White House on Tuesday. He added that when the attack happened, the district did receive quick responses from local, state and federal agencies. 

"Have that Rolodex ready to call an individual who can help you manage a crisis, a situation that you yourself alone cannot manage," the superintendent said. "You do not have the tools or the intelligence federal agencies have, and they can deliver big time very, very quickly."

During the summit, Carvalho and others shared advice and best practices for protecting schools against rising cyberattacks targeting elementary and secondary school systems. 

The event, dubbed Back to Back to School Safely: Cybersecurity Summit for K-12 Schools, came a day after the federal government released a resource document and announced other investments to protect student, family and staff data. As part of the efforts, several ed tech company leaders also announced cybersecurity solutions. 

In the face of increased cyberattacks, school systems and advocacy groups called for national attention and support for this issue. A quarter of school administrators surveyed in October said their district had experienced a hack, phishing incident, data breach or other cyberattack in the previous year, according to Clever, a single sign-on provider for learning apps.

Last year 65 ransomware attacks affected 1,436 schools and colleges serving about 1 million students, according to Comparitech, a cybersecurity research website. The attacks cost education institutions nearly $9.45 billion in downtime alone, the company estimates. 

"Do not underestimate the ruthlessness of those who wish to do us harm."

Alejandro Mayorkas

U.S. Secretary of Homeland Security

Schools are "target rich" with lots of sensitive data but are also "resource constrained," because officials often lack the knowledge or capability to prevent attacks, said Jen Easterly, director of the federal Cybersecurity and Infrastructure and Security Agency.

CISA wants to "make sure that you all have what you need to raise the baseline in cybersecurity, but also importantly, to know how to respond effectively to reduce and mitigate that risk," Easterly told the summit attendees. 

U.S. Secretary of Homeland Security Alejandro Mayorkas advised schools to be on guard against cyber criminals. "Do not underestimate the ruthlessness of those who wish to do us harm," he said.

Here's top advice and resources participants shared during the summit:

'Call us immediately'

One of the nation's highest law officers exhorted school officials to use federal defenses in the war against cyberattacks.

Paul Abbate, deputy director of the FBI, said the bureau's goal is to prevent attacks from ever happening. To help do that, districts should build relationships with its nearest FBI regional office to prepare for and respond if an event does happen, he said.

"In the event that something does happen, if there is a cyberattack, please call us immediately because timeliness does matter," Abbate said.

In fact, the FBI is part of the coordinated federal approach announced Monday to help schools mitigate cyber vulnerabilities and respond to ransomware attacks. Other agencies involved are the Education and Homeland Security departments, along with CISA, the Federal Communications Commission and the White House. 

Additionally, Congress is considering bicameral and bipartisan legislation to better track school cyberattacks and provide tools and guidance to school systems. 

"We can't talk about potential collaboration at the local level, at the state level, if we're not modeling it here at the federal level," U.S. Education Secretary Miguel Cardona told the summit. He added that schools and their partners need to be proactive and not wait for emergencies to happen.

Cardona highlighted the department's creation of a government coordinating council that will organize information and resources about K-12 cyber defense and response.

Also under the Biden administration's new initiatives, CISA will provide cybersecurity training to 300 school systems over the next year, and the FCC has proposed a $200 million, three-year pilot program for school and library cyberattack prevention.

Source link