In 2022, state and Federal policymakers significantly accelerated their efforts to help K-12 institutions across the U.S. shore up their cybersecurity defenses, a new report by the Consortium for School Networking (CoSN) says.
However, the nonprofit’s Jan. 5 report said more needs to be done in the new year to protect vulnerable school systems from cyberattacks.
“This year, legislators in 36 states introduced 232 cybersecurity bills with direct or indirect focus on the education sector,” CoSN said in its Federal Education Cybersecurity Policy Developments report.
Of the legislation introduced across the country, 37 education cybersecurity bills were adopted across 18 states. This compares to 49 new cybersecurity laws across the K-12 education sector in 2021, and just 10 in 2020.
“The 2022 laws largely focus on policy changes targeted across state and local government, not just on education entities, and they address a range of cybersecurity policy areas and strategies including governance improvements, mandatory incident reporting, required prevention and contingency planning, expanding the available cyber workforce, and security investments targeting state agencies, local agencies, and higher education institutions,” the 41-page report says.
Florida and California had the highest count of cybersecurity education laws enacted this past year, accounting for a total of 10 out of the 37 bills.
Cyberattacks are among the leading operational and privacy threats facing the nation’s schools. Routinely, cyberattacks compromise confidential student and employee information and can disrupt classroom instruction and administrative functions. The problem plagues the entire education sector.
Among all hacks, ransomware attacks are on the rise in the education sector, targeting K-12 institutions’ confidential data in exchange for large sums of money.
CoSN explained that the Federal government also made a splash in the nation’s educational cybersecurity efforts in 2022.
“Members of Congress introduced 22 cybersecurity bills with implications for the education sector, compared to 19 such bills in 2021 and 10 in 2020,” the report said.
“Notable strategies featured in the bills include seeking more information and advice about the policy area through the creation of cybersecurity focused task forces or commissions, building the cybersecurity workforce through investments in postsecondary institutions and programs and apprenticeships, and making direct investments through competitive grants.”
Because none of the 22 cyber bills introduced at the Federal level passed in the 117th Congress, CoSN recommends that lawmakers reintroduce the bills in the new year to “continue championing” education focused cybersecurity measures.
CoSN encouraged leaders tasked with making cybersecurity policy improvements in 2023 to consider three ideas drawn from the group’s analysis of the changing state policy landscape:
- Cybersecurity workforce: consider a more strategic approach to recruitment, training, and retention as well as greater funding to ensure schools can compete with the private sector;
- Prevention and planning: government must provide funding for technology to identify and repel attacks, but investments must also focus on educating students, staff, families, and the public about how to recognize and avoid attacks; and
Incident reporting, contingency planning, and coordination: policies should encourage greater participation in the collaborative groups that already exist in this space by providing funding and strategic direction, and policymakers should find ways to remove stigmas associated with reporting attacks
