The Biden Administration kicked off Cybersecurity Awareness Month by signing the K-12 Cybersecurity Act of 2021 into law on October 8, 2021.
U.S. Senator Rick Scott (R-FL) initially introduced the bipartisan legislation this past May after a string of ransomware attacks targeted school districts across the country. The bill gained sponsorship support from Senator Jacky Rosen (D-NV) and Senator Bill Cassidy (R-LA).
The K-12 Cybersecurity Act requires the Cybersecurity and Infrastructure Security Agency (CISA) to perform a 120-day review of cybersecurity risks faced by school districts and provide a report back to Congress. The law states that CISA is required to examine “how identified cybersecurity risks specifically impact K–12 educational institutions” and evaluate the challenges schools face in securing their information systems, protecting student and teacher data and implementing and enforcing cybersecurity controls.
Following the report, the law provides CISA with 60 days to develop guidelines for K-12 organizations and then another 120 days to create an online toolkit school districts can use to implement those strategies and recommendations.
One notable point is that the law provides no direct funding for K-12 cybersecurity. However, a separate bill is currently in review that would provide a $10 million annual fund for cybersecurity initiatives such as this.
A recent study shows that in 2020, a total of 1,681 schools, colleges and universities in the U.S., as well as 560 health care facilities, reported ransomware attacks. The key word is reported, as the total number of attacks is likely much higher than that. Following the high-profile ransomware attack on Clark County School District in Nevada, Senator Rosen (D-NV) joined the bipartisan sponsorship of the bill.
“Malicious cyber actors are increasingly targeting K-12 schools across the United States, including the Clark County School District, the fifth-largest school district in the country, which was the victim of a ransomware attack,” said Senator Rosen. “Cyberattacks can be expensive and debilitating, especially for small organizations or public entities. Schools and school districts need an immediate federal response to improve cybersecurity in Nevada and across our nation to prevent the personal information of students, faculty, and staff from falling into the wrong hands. I’m proud to see that this bipartisan legislation, which I co-sponsored, passed the Senate and is one step closer to becoming law. This bill will provide schools with tools and resources to prevent and combat cyber threats.”
The bill summary is available at https://www.congress.gov/bill/117th-congress/senate-bill/1917/all-info and reads:
This bill requires the Cybersecurity and Infrastructure Security Agency (CISA) to study the cybersecurity risks facing elementary and secondary schools and develop recommendations that include cybersecurity guidelines designed to assist schools in facing those risks. The use of such recommendations shall be voluntary.
The study must evaluate the challenges that schools face in securing (1) information systems owned, leased, or relied upon by those schools; and (2) sensitive student and employee records.
Further, the bill requires CISA to (1) develop an online training toolkit designed for school officials; and (2) make available on the Department of Homeland Security website the study’s findings, the cybersecurity guidelines, and the toolkit.
The K-12 Cybersecurity Act of 2021 is another step forward in the Biden Administration’s prioritization of cybersecurity as a national security matter. Since taking office, President Biden has taken several steps to strengthen the nation’s cybersecurity defenses, including issuing the Improving the Nation’s Cybersecurity Executive Order and the very first sanctions on cryptocurrency exchanges for laundering cyber ransoms, and hosting a private company cybersecurity summit that resulted in a $30 billion commitment from Google and Microsoft.
“Today, I was pleased to sign the K-12 Cybersecurity Act into law to enhance the cybersecurity of our Nation’s K-12 educational institutions,” President Biden stated. “This law highlights the significance of protecting the sensitive information maintained by schools across the country, and my Administration looks forward to providing important tools and guidance to help secure our school’s information systems. I want to thank Congress for passing it with bipartisan support.”
Related Links
- Statement of President Joe Biden on Signing the K-12 Cybersecurity Act into Law
- All Information (Except Text) for S.1917 – K-12 Cybersecurity Act of 2021