With K-12 educational institutions increasingly targeted by ransomware and other cyber attacks during the coronavirus pandemic, the Government Accountability Office (GAO) is pushing the Department of Education to update its plans – which currently date from 2010 – for addressing cyber risks faced by schools.
In a new report, GAO reviewed cybersecurity for K-12 schools to understand the extent that Federal agencies are helping schools to protect themselves against cyber attacks.
According to the report, Federal guidance specifies responsibilities for the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Education’s Office of Safe and Secure Schools, and the FBI in helping schools protect against threats.
“These agencies have provided programs, services, and support to assist kindergarten through 12th grade (K-12) schools in defending against cyber threats,” says the report. “Examples of such support include incident response assistance, network monitoring tools, and guidance for parents and students on preparing for the cyber threats that students face online.”
For its part, the Education Department is responsible for developing and maintaining a plan to address cybersecurity risks at K-12 schools, and determining the need for sector-specific guidance.
The report goes on to state that cyber threats have changed substantially in recent years, including increased reports of ransomware and other cyber threats that disrupt school operations.
GAO made two recommendations for the Education Department, including to “initiate a meeting with CISA to determine how to update its sector-specific plan and determine whether sector-specific guidance is needed.”
The Education Department concurred with the two recommendations, and described actions that would address the recommendations.