The federal government is looking to shore up cybersecurity at K-12 educational institutions nationwide by creating a new coordinating entity.
The U.S. Department of Education (DOE) and the Cybersecurity and Infrastructure Security Agency (CISA) recently announced that they have created a Government Coordinating Council (GCC) to protect schools from cybersecurity threats. K-12 schools are some of the more common targets of cyber criminals.
As reported by The Dallas Express, most cyber attacks are committed against critical infrastructure, such as utilities or health services, with 89 incidents reported this year as of March 26, per Statista. Political institutions experienced 82 incidents, whereas the education sector experienced 19. Ransomware attacks are most common, threatening to paralyze districts and expose sensitive information about students and staff.
As described by CISA, GCCs “enable interagency and cross-jurisdictional coordination” across multiple levels of governance — federal, state, local, and tribal — for a given sector or subsector. The newly created GCC will coordinate with stakeholders in the Education Facilities Subsector (ESF), which comprises K-12 schools and post-secondary education institutions, to elaborate and share best practices in cybersecurity.
“The GCC embodies our commitment to ensuring the cybersecurity of our nation’s schools,” said U.S. Deputy Secretary of Education Cindy Marten in a statement. “This initiative represents a monumental step forward in formalizing the partnership between federal, state, and local educational leaders in protecting our K-12 critical infrastructure.”
The new GCC may result in a stricter reporting protocol for schools faced with cyberattacks or potential data breaches. For instance, CISA has proposed a comprehensive federal rule for such incidents to be reported within 72 hours and 24 hours if ransomware payouts are provided.
All entities protected under the Presidential Directive 21 in 2013 would be subject to this new rule. The directive identified 16 critical sectors, including the Government Facilities Sector, of which the ESF is a part. As protected entities, their assigned GCCs aim to mitigate risks and improve security practices through discussions and revisions to the National Infrastructure Protection Plan and the Sector-Specific Plans.