Congress Heightens Emphasis on K-12 Cybersecurity During COVID-19
Federal lawmakers put a new focus on improving cybersecurity, including protections for schools, through a pair of measures aimed to create more leadership at the national level and encourage safeguards in classrooms.
One bill introduced last month, the National Cyber Director Act, seeks to appoint a federal cybersecurity director who would oversee cyber safety and regulations nationwide. The nominee would lead a strategy to address security risks in the U.S. cyberspace.
Another piece of legislation, the Providing Resources for Ongoing Training and Education in Cyber Technologies, or PROTECT Act, would help support the Department of Homeland Security's Cybersecurity Education and Training Assistance Program (CETAP) to promote career awareness, provide resources, and help to develop the cybersecurity skills of students in elementary and secondary schools across the country.
The bipartisan bill was introduced in early July by Sen. Jacky Rosen (D-NV) and Sen. Bill Cassidy (R-LA).
"The current cybersecurity workforce shortage poses a threat to our national security. To meet this challenge and prepare our nation for the economy of the future, we must invest in a robust cybersecurity workforce," Sen. Rosen said in a news release. "This bipartisan legislation would codify and strengthen the CETAP program, providing education and career opportunities in cyber and helping to bolster the number of applicants in this critical field."
The PROTECT Act would "authorize and provide stability" to the CETAP program, seeking to implement the Cyber-Integrated Curricular Model (CICM) in schools, which provides hands-on, cybersecurity-integrated tools and introduces students to the cybersecurity profession. It also helps elementary, middle, and high school teachers develop their teaching abilities around cybersecurity issues.
As for the National Cyber Director Act, the Cyberspace Solarium Commission recommended the measure based on a report published in May, Cybersecurity Lessons from the Pandemic. The report stated, "To survive future pandemics or catastrophic cyber incidents, the nation needs secure, remote access to reliable cloud services." The Committee on Oversight and Reform will hold a hearing on Wednesday, July 15 to discuss the next steps.
Throughout the years, there have been many cyberattacks in schools. In 2015, Florida students were unable to access state tests because hackers outside the U.S. were disrupting the system. A Missouri school district's cybersecurity was deemed underprepared in 2016 after the state audited its cyber safety measures. And just a few months ago, a survey found district leaders underestimate the depths of cybersecurity risks.
Cyberattacks on schools come in many forms, including breaches of student and educator data, identity theft, and money theft through business email compromises, according to Doug Levin, president of EdTech Strategies.
Along with introducing students to cybersecurity careers, the PROTECT Act could also teach students about proper cyber hygiene practices, such as how to create strong passwords and how to avoid phishing emails, Levin said.
"It's critical that students receive continuing and ongoing education on basic cyber hygiene practices," Levin said. "There is no good place for students to get reliable and trustworthy information on how to keep themselves secure. Schools are a very logical place to do this, particularly as schools themselves are reliant on technology more and more to interact with students."
Interconnected IT Systems
The federal government has a responsibility to lead cyber protection efforts, because it encourages schools to adopt new technologies, Levin said. Plus, schools are online gateways into other local, state, and federal government agencies.
"School district IT systems are interconnected with other local state and federal systems, including voting systems, law enforcement, systems that have to do with employment and commerce," Levin said.
A national cybersecurity director would help connect schools so they could share information about cybersecurity challenges they are facing. "When something happens in a school district, other school districts around the country may or may not ever hear about what happened," Levin said.
- 4 Big Cybersecurity Priorities for Schools: Training, Purchasing, Monitoring, and Budgeting
- Coronavirus Compounds K-12 Cybersecurity Problems: 5 Areas to Watch
- Zoom Use Skyrockets During Coronavirus Pandemic, Prompting Wave of Problems for Schools
- Quiz Yourself: How Much Do You Know About K-12 Cybersecurity?