After Passing House, Peters Bipartisan Bill to Help Protect K-12 School Systems from Cyber-Attacks Heads to President to Be Signed into Law

Source: United States Senator for Michigan Gary Peters

09.29.21

WASHINGTON, D.C. – U.S. Senator Gary Peters (MI), Chairman of the Homeland Security and Governmental Affairs Committee, applauded House passage of his bipartisan legislation to enhance cybersecurity assistance to K-12 educational institutions across the country. Schools are responsible for securing a considerable amount of sensitive records related to their students and employees, including student grades, family records, medical histories, and employment information. The bill will help educational institutions bolster their cybersecurity protections by instructing the Cybersecurity and Infrastructure Security Agency (CISA) to examine the risks and challenges that schools face in securing their systems. Using their findings, CISA is charged with creating cybersecurity recommendations and other voluntary resources for schools to use when implementing their cybersecurity solutions. The bill passed the Senate in August and now heads to President Biden’s desk to be signed into law.

“Ransomware and other cyber-attacks that can shut down our K-12 schools and compromise the personal information of our students and dedicated educators are unacceptable and must be stopped. We must provide faculty and staff with the resources and means that they often lack to defend themselves and their students against complicated cyber-attacks,” said Senator Peters. “I’m pleased this bipartisan legislation has passed the House and I urge the President to sign it into law as soon as possible so we can better protect K-12 schools and prevent criminals from stealing the personal information of teachers, students, and other staff in schools across the nation.”

Cyber-attacks on schools increased over the past year as Americans’ daily lives and classrooms moved online during the pandemic, including attacks against schools in Michigan. In one attack on Walled Lake Consolidated Schools, hackers successfully accessed records and posted information online. In 2018, Johannesburg-Lewiston Area Schools in Michigan were targeted by a malicious ransomware attack that temporarily shut down the district’s systems.

The K-12 Cybersecurity Act directs DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to work with teachers, school administrators, other federal departments and private sector organizations to complete a study of cybersecurity risks specific to K-12 educational institutions, including risks related to securing sensitive student and employee records and challenges related to remote-learning. Following the completion of that study, the bill directs CISA to develop cybersecurity recommendations and an online toolkit to help schools improve their cybersecurity hygiene. These voluntary tools would be made available on the DHS website along with other DHS school safety information.

The K-12 Cybersecurity Act has been endorsed by the Michigan Association for Computer Users in Learning, Michigan Association of School Boards, Consortium for School Networking, School Superintendents Association, National Association of Secondary School Principals and the American Federation of Teachers.

Below are statements of support for Peters’ legislation:

“The Michigan Association of School Boards applauds Sen. Gary Peters for leading this bipartisan effort that will address cyber security for our school districts,” said Don Wotruba, Executive Director of the Michigan Association of School Boards. “We look forward to additional resources from the federal government and guidance from the Cyber Security and Infrastructure Security Agency that will help us combat this serious issue, which puts the personal information of our students and faculty at risk.”

“MACUL welcomes the passage of the K-12 Cybersecurity Act and commends Senator Peters’ for his bipartisan leadership to address this time-sensitive need,” said Mark Smith, Executive Director of the Michigan Association for Computer Users in Learning (MACUL). “This bipartisan effort will help leaders at all levels of government better understand how to best protect school’s computer networks and sensitive data from external threats. The Act takes an important step closer to ensuring that schools have the assistance they need to better protect students’ and educators’ confidential information.”

“K-12 school systems across Michigan are responsible for collecting and storing the personal information of thousands of students and faculty. Constant attempts to steal this information by hackers who are supported by powerful resources are one of our primary concerns,” said Kevin D. Miller, Ph.D, Superintendent, St. Clair County Regional Educational Service Agency. “I’m grateful to Senator Peters for leading this effort that will give organizations like ours resources we currently lack to fend off these attacks and defend our networks.”

“As cyber-attacks on schools continue to increase during the pandemic and beyond, we applaud Senator Peters and Scott for their efforts and are thrilled to see bipartisan legislation pass through Congress that would make recommendations and provide voluntary tools to districts on how to improve their cybersecurity hygiene and allow them to better safeguard the personal information of students and facility in K-12 schools around the nation.” – Sasha Pudelski, Director of Advocacy, AASA, The School Superintendents Association

“Improved federal, state and local government collaboration is needed to stop the recent flood of cyber-attacks on schools,” said Keith Krueger, CEO of the Consortium for School Networking (CoSN). “CoSN appreciates Senators Peters’ and Senator Scott’s work to secure passage of the K-12 Cybersecurity Act. This legislation recognizes that the United States desperately needs a swift and comprehensive assessment of the network security challenges school districts face, coupled with a commitment to provide the additional tools and technical assistance required to better protect students’ and educators’ confidential data.”

###