Sens. Mark Warner, D-Va., and Marsha Blackburn, R-Tenn., joined Reps. Doris Matsui, D-Calif., and Zach Nunn, R-Iowa, to reintroduce bipartisan legislation on April 18 that tasks the Cybersecurity and Infrastructure Security (CISA) with establishing a school cybersecurity improvement program.
The Enhancing K-12 Cybersecurity Act aims to strengthen cybersecurity at America’s K-12 schools by promoting access to information, better tracking cyberattacks nationally, and providing new cybersecurity resources.
“As cyberattacks continue to expose private information and disrupt infrastructure across industries, including in education, with increased frequency, we must ensure that schools are in the best position possible to prevent and respond to attacks,” Sen. Warner said. “This legislation will put in place necessary procedures to protect our students’ data and keep sensitive information private.”
Cyberattacks targeting schools are increasing in frequency and severity, the lawmakers said.
According to the K-12 Cybersecurity Resource Center, from 2016-2021 there were over 1,300 publicly disclosed cyber incidents involving education organizations across all 50 states. These cyber incidents included ransomware, data breaches, and denial-of-service attacks, among others.
In September, the Federal Bureau of Investigation, CISA, and the Multi-State Information Sharing and Analysis Center released a cybersecurity advisory outlining the significant cyber threat facing K-12 institutions. They said that some cybercriminals are “disproportionately targeting the education sector with ransomware attacks,” and that they anticipated increases in such attacks.
“From ransomware to data breaches, cyberattacks targeting our K-12 schools are growing increasingly sophisticated and common, necessitating a robust response to keep our students and teachers safe,” said Rep. Matsui. “Cybercriminals are rapidly evolving their strategies to cause chaos and disruption, yet a lack of resources for our schools is forcing them to do more with less. The Enhancing K-12 Cybersecurity Act would establish a crucial roadmap to prepare our K-12 cyberinfrastructure for future attacks.”
Specifically, the bill:
- Directs the CISA Director to establish a Cybersecurity Information Exchange to disseminate information, best practices, and grant opportunities to improve cybersecurity;
- Establishes a Cybersecurity Incident Registry within CISA to track incidents of cyberattacks on elementary and secondary schools; and
- Directs CISA to establish the K-12 Cybersecurity Technology Improvement Program to be administered through an information and analysis organization to deploy cybersecurity capabilities that will help address cybersecurity risks and threats to information systems of K-12 schools. The bill authorizes $10 million per year for fiscal years 2024 and 2025 to fund this program.
The bill was previously introduced in both the 116th and 117th Congress by Rep. Matsui. While the Enhancing K-12 Cybersecurity Act received a lot of bipartisan support – a total of 21 cosponsors – it never made it out of committee.