Source: United States Senator for Commonwealth of Virginia Mark R Warner
WASHINGTON –U.S. Sens. Mark R. Warner (D-VA) and Marsha Blackburn (R-TN) joined Reps. Doris Matsui (D-CA-07), Representative Zach Nunn (R-IA-03) reintroduced the Enhancing K-12 Cybersecurity Act, legislation to strengthen cybersecurity at America’s K-12 schools by promoting access to information, better tracking cyberattacks nationally, and providing new cybersecurity resources.
“As cyberattacks continue to expose private information and disrupt infrastructure across industries, including in education, with increased frequency, we must ensure that schools are in the best position possible to prevent and respond to attacks,” said Sen. Warner. “This legislation will put in place necessary procedures to protect our students’ data and keep sensitive information private.”
“Cyberattacks continue to grow in size, frequency, and complexity in critical U.S. institutions, including in America’s schools,” said Sen. Blackburn. “We must ensure that our education sector is equipped to address these threats and keep students’ personal information private. This bipartisan and bicameral legislation will improve the cybersecurity tracking system for schools and provide them with necessary training resources and best practices for prevention.”
“From ransomware to data breaches, cyberattacks targeting our K-12 schools are growing increasingly sophisticated and common, necessitating a robust response to keep our students and teachers safe,” said Rep. Matsui. “Cybercriminals are rapidly evolving their strategies to cause chaos and disruption, yet a lack of resources for our schools is forcing them to do more with less. The Enhancing K-12 Cybersecurity Act would establish a crucial roadmap to prepare our K-12 cyberinfrastructure for future attacks.”
“When I was working on the White House’s National Security Council, I witnessed firsthand how important it is to prioritize cybersecurity. With these crimes on the rise, it’s imperative that we provide our schools with the tools to keep students’ information secure,” said Rep. Nunn. “In the wake of the ransomware incident in January, I’m proud to work across the aisle to ensure our schools have the resources and training they need to protect students.”
Cyberattacks targeting schools are increasing in frequency and severity. These attacks have threatened students’ privacy and caused harmful classroom disruptions. According to the K-12 Cybersecurity Resource Center, from 2016-2021 there were over 1,300 publicly disclosed cyber incidents involving education organizations across all 50 states. These cyber incidents included ransomware, data breaches, and denial-of service attacks, among others.
Last September, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the MultiState Information Sharing and Analysis Center (MS-ISAC) released a Cybersecurity Advisory outlining the significant cyber threat facing K-12 institutions, noting certain cybercriminals are “disproportionately targeting the education sector with ransomware attacks,” and that they anticipated increases in such attacks. As schools continue to expand the use of digital platforms to engage students, the Enhancing K-12 Cybersecurity Act provides additional resources to address cyber threats and protect personal information.
Specifically this bill:
- Directs the Cybersecurity and Infrastructure Security Agency Director to establish a Cybersecurity Information Exchange to disseminate information, best practices, and grant opportunities to improve cybersecurity.
- Establishes a Cybersecurity Incident Registry within CISA to track incidents of cyberattacks on elementary and secondary schools. Information submitted to the Registry is strictly voluntary and will help improve data collection to coordinate activities related to the nationwide monitoring of the incidence and financial impact of cyberattacks.
- Directs CISA to establish the K-12 Cybersecurity Technology Improvement Program to be administered through an information and analysis organization to deploy cybersecurity capabilities that will help address cybersecurity risks and threats to information systems of K-12 schools. This approach will capitalize on the existing services and expertise of organizations like MS-ISAC & others to ensure maximum impact of funds. The bill authorizes $10 million per year for FYs ‘24 & ‘25 to fund the Technology Improvement Program.
Full text of the Enhancing K-12 Cybersecurity Act is available here.
###