The evolving cyber threat landscape makes it clear that organizations in the public and private sectors must be prepared to maintain operations and address new cyber threats and challenges as they arise – including schools that have unique security needs and considerations that require specific cybersecurity resources.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), said on Nov. 1 that as the agency responsible for supporting and protecting U.S. critical infrastructure against cyber threats, CISA must raise awareness of the potential risks for the education community and put forward useful and practical tools and solutions that help schools confront the complex and ever-changing cyber threat environment.
“When we talk about school safety, we’re not just referring to physical safety,” Easterly said during CISA’s K-12 School Safety Summit. “Schools must also be digitally safe. And in that realm, we recognize that many are facing a new and almost unprecedented frontier of cyber threats.”
“We’re [also] aware that many school districts lack the resources to dedicate time to a comprehensive cybersecurity program,” she added.
Easterly explained that K-12 schools need the best available information, resources, and tools, and that CISA is focused on providing the necessary support to help schools drive down cyber risk and protect schools against attacks.
During her keynote address, Easterly highlighted a report CISA released in January regarding the protection and safeguarding of K-12 schools from cyber threats. The report provides recommendations and resources to help K-12 schools and school districts address systemic cybersecurity risks. It also provides insight into the current threat landscape specific to K-12 schools and offers actionable steps school leaders can take to strengthen their cyber posture.
CISA also provides an online toolkit that aligns resources and materials to the recommendations it laid out in the January report.
“We hope that leaders in the K-12 community – including superintendents, district and school administrators, school boards, and state policymakers – all will take advantage of this report and the related toolkit to better understand these cyber risks and take basic steps to reduce the risks,” Easterly said.
She also highlighted CISA’s recent partnership with the Department of Education in an August 2023 K-12 digital infrastructure brief, which provides districts another resource “to understand the importance of securing [their] digital infrastructure” and offers steps that K-12 schools can take to keep their systems safe.
These resources, Easterly explained, offer K-12 schools and their administrators essential resources to reduce cyber risk to digital infrastructure that children use and rely on each day.
In addition to the resources that CISA offers, Easterly explained that there are simple tools every K-12 school has in its toolbox to confront security threats and build the best possible and safest school systems.
“We all must create a culture of shared responsibility,” Easterly said. “It really takes all of us – teachers, students, parents, administrators, state and local partners IT security staff – to recognize and understand the severity of these threats, gain the knowledge needed to build collective defenses, and to put into practice those key simple behaviors and actions that can make us all safer.”