New K-12 Cybersecurity Act Mandates DHS Review Schools' Cybersecurity Policies

December 19, 2019

U.S. Senators Gary Peters (D-MI), Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, and Rick Scott (R-FL) introduced bipartisan legislation to implement stronger cybersecurity protections for K-12 educational institutions across the country.

The K-12 Cybersecurity Act of 2019 would help educational institutions bolster their cybersecurity protections by instructing the Department of Homeland Security (DHS) to examine the risks and challenges that schools face in securing their systems. DHS would also be charged with creating a set of cybersecurity recommendations and other voluntary resources for schools to use when implementing their cybersecurity solutions.

In recent years, cyber-attacks on schools have become increasingly common, resulting in a state of emergency in Louisiana and numerous school closures in Arizona. In 2018, Johannesburg-Lewiston Area Schools in Michigan were targeted by a malicious ransomware attack that temporarily shut down the district’s systems, says a news release.

The K-12 Cybersecurity Act of 2019 directs DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to work with other federal departments and private sector organizations to complete a study of cybersecurity risks specific to K-12 educational institutions, including risks related to sensitive student and employee records. Following the completion of that study, the bill directs CISA to develop cybersecurity recommendations and an online toolkit to help schools improve their cybersecurity systems. These voluntary tools would be made available on the DHS website with other DHS school safety information.

“Schools across the country are entrusted with safeguarding the personal data of their students and faculty, but lack many of resources and information needed to adequately defend themselves against sophisticated cyber-attacks,” said Senator Peters. “This commonsense, bipartisan legislation will help to ensure that schools in Michigan and across the country can protect themselves from hackers looking to take advantage of our nation’s cybersecurity vulnerabilities.”

Recently, a report by Armor revealed that 11 new U.S. school districts (comprised of 226 schools) have been compromised by ransomware since late October 2019. Since January 2019 to date, Armor has identified a total of 72 school districts and/or individual educational institutions that have publicly reported being a victim of ransomware. These attacks have potentially impacted 1,039 schools nationwide.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.