The United States has witnessed a surge in cyberattacks directed at its educational institutions. Over the course of the 2022-23 academic year, a minimum of eight K-12 school districts across the nation encountered substantial cyberattacks. Notably, four of these attacks resulted in schools being compelled to cancel classes or even shut down entirely.
In an era where students seamlessly weave their lives online through platforms like Facebook, Instagram, TikTok, and YouTube, a digital footprint laden with personal data emerges, leaving many exposed and vulnerable.
In a bid to safeguard student data and education systems, the White House announced a collaborative cybersecurity effort involving educators, administrators, and companies to fortify defenses against cyberattacks, which have caused significant disruptions across several K-12 school districts.
However, it’s important to understand how students are at risk and what difficulties they encounter. It is also essential to know exactly how the cybersecurity measures proposed by the Biden-Harris Administration will impact and improve the current situation.
This feature explores how these cybersecurity efforts will affect schools and students, highlighting potential benefits and addressing ongoing challenges.
US School Cybersecurity: Deciphering vulnerabilities
Research shows that 95% of teenagers in the United States between the ages of 13-17 have access to a smartphone. The COVID-19 pandemic forced students to study online making it imperative to allow students to share information online.
The problem arose when hackers took this challenge of the education sector to their advantage to launch even more cyber attacks. Research shows that 56% of K-12 schools worldwide reported suffering a ransomware attack in 2021.
Reiterating the need for speedy cybersecurity reform, a K-12 Dive report said, “In the US, cybersecurity experts have warned over the past decade that K-12 is an increasingly popular target for ransomware.”
This was evident in the series of student data leaks that surfaced on the dark web with sensitive details about their trauma including assault.
Students had to handle having their information about sexual assault, mental health, suicide attempts, and parent abuse exposed on the dark web.
Hackers are desperate to make money from cybercrimes. A singular security breach within the school system simplifies the task of gaining access to the personal information of thousands of students, teachers, and parents.
When school authorities deny paying a ransom, hackers often go ahead and release the data online. In some instances, schools have even failed to inform the affected individuals causing further delays in actions that could prevent further damage.
“Truth is, they didn’t notify us about anything,” a parent of a student said after their child’s data was exposed in the Minneapolis Public Schools.
Many parents are compelled to seek online solutions where they can find a sense of ease, as evidenced by a Google support page. A concerned parent inquired, “Someone hacked my daughter’s Google Classroom account. How can I contact Google to get help?”
This situation highlights the breakdown of communication channels that could otherwise aid affected individuals in seeking prompt assistance, rather than having their concerns showcased online.
Moreover, the potential for their queries to be viewed by the entire community might discourage certain parents from seeking help.
Alarming cases of US student data leaks
In one such incident, a student lost access to their TikTok channel, which came to light when they received a notification on their mobile phone.
The student was blocked from accessing TikTok. Expressing their trauma, they said that their username, password, and phone number was changed.
The student had over 7,000 followers on TikTok who were now exposed to someone else and had no clue who they were now connected to.
Another student suffered a cyber attack when a hacker breached their Instagram account while they remained unaware of the security incident. It came to their knowledge only after they were called by a friend asking about a Bitcoin post on their account.
The user could not gain access to their Instagram account and was left helpless without any direct contact support, as mentioned in an email by them to The State News.
Is lack of a communication channel the real problem?
Multiple incidents highlight how adversaries employ diverse tactics to capitalize on monetary opportunities. Those targeted often face difficulties, particularly when lacking familiarity with cybersecurity, technology, and post-cyber attack precautions.
This is where the initiative by the Biden-Harris Administration becomes pivotal. Strengthening cybersecurity in American K-12 schools is crucial, given the existing threats to the education sector.
The emphasis lies in introducing fresh measures and providing accessible resources to schools throughout the United States.
It outlines impactful cybersecurity strategies capable of bolstering the safety and safeguarding of students, teachers, staff, and educational institutions alike..
US School Cybersecurity Initiative by Bidden-Harris administration
The White House has backed students and their data security by introducing a novel initiative for K-12 school cybersecurity.
The initiative highlighted instances of sensitive information belonging to students and staff being exposed publicly. To address this leaders, educators, and private sector companies discussed and offered added resources to protect American schools.
What the K-12 U.S. schools cybersecurity initiative entailed
- A proposal for a program under the Universal Service Fund was made that will provide up to $200 million over three years for cybersecurity in US schools
- Establishment of a Government Coordinating Council (GCC) to coordinate activities, policies and communications. The communication between federal, state, local, tribal, and territorial education leaders can help for better collaboration for US school cybersecurity.
- Protection of schools and districts from threats and supporting them in responding to and recovering from cyber attacks.
- The release of the K-12 Digital Infrastructure Brief: Defensible & Resilient by the U.S. Department of Education and CISA for education leaders to build digital infrastructure for education.
- The release of Adequate and Future-Proof and Privacy-Enhancing, Interoperable and Useful to create further resources to create awareness towards US school cybersecurity.
- Updated resources for perusal offered by the FBI and the National Guard Bureau with guidance related to reporting cyber incidents.
Cybersecurity companies have also come forward to help secure school systems and offer tools to prevent threats.
Amazon will be providing a number of free services including security reviews to the U.S. education technology companies providing applications to K-12 schools.
The following companies have offered to help with the best solutions for US school cybersecurity –
- Amazon Web Services offering $20 million for a K-12 grant program, free training for K-12 IT staff, and no-cost cyber attack assistance through its customer incident response team.
- Cloudflare to offer a suite of free Zero Trust cybersecurity solutions through Project Cybersafe Schools. This solution will help public school districts under 2,500 students with safer internet browsing and email security.
- PowerSchool, that provides cloud-based software to offer free and subsidized courses, training, tools, and resources to all U.S. schools and districts.
- The K-12 Cybersecurity Guidebook offered by Google for schools to maintain security of their Google software apps and hardware.
- The learning platform company D2L to offer new cybersecurity courses and security reviews for the core D2L integration partners.
In an effort to provide results, response, and relief to students, guardians, and organizations, the US school cybersecurity initiative by the White House is considered a boon in the present time.
It is imperative that school authorities make the most of the solutions, funding, and courses made available by the government, legal bodies, and cybersecurity firms.
It is time cybersecurity in US schools is given an overhaul with an opportunity to grow. It is expected from organizations, educators, and students to take it up in full spirit.
This initiative can pave the path for schools and governments across the globe so they secure educational institutions and student data from hackers and ransomware groups.
When victims of data breaches know where to look for help and whom to call for guidance, the pain in coping with the incident subsides.
The initiative by the US government for K-12 school cybersecurity bears witness to the commitment toward their people and security.