The White House is proactively addressing the growing threat of ransomware attacks on K-12 schools ahead of the new academic year, aiming to safeguard educational institutions as students return to classrooms.
With American schools often lacking sufficient cybersecurity resources, the surge in ransomware attacks, particularly due to the rapid adoption of remote teaching tools during the pandemic, has prompted the Biden administration to take action. Notably, school districts in several states faced disruptions last year due to cyberattacks, highlighting the urgency of this issue. Cindy Marten, education deputy secretary, stressed the importance of treating cyberattacks on schools with the same seriousness as physical attacks on critical infrastructure.
A comprehensive set of measures is being implemented to fortify school networks against cyber threats. The White House is establishing a government cybersecurity council under the Department of Education’s leadership, tasked with coordinating cyber resilience efforts among numerous school districts.
The Cybersecurity and Infrastructure Security Agency plans to provide training for 300 K-12 entities throughout the upcoming school year and conduct regular cyber exercises. Additionally, guidance documents will be released jointly by the agency and the Education Department, outlining strategies to enhance the protection of educational infrastructure. These recommendations encompass multifactor authentication, robust password practices, phishing detection, and software updates.
Further reinforcing these initiatives, the Federal Communication Commission has proposed a $200 million program that would leverage the Universal Service Fund to bolster the cybersecurity defenses of school districts and public libraries. The White House intends to underscore its commitment to these efforts through a cybersecurity summit, featuring First Lady Jill Biden, Secretary of Education Miguel Cardona, and Secretary of Homeland Security Alejandro Mayorkas.
While the focus is on immediate action, the administration’s comprehensive review of existing regulations is noteworthy, signaling potential expansion to critical infrastructure sectors as part of a long-term cybersecurity strategy.