U.S. Department of Education Urged to Strengthen Primary and Secondary School Ransomware Defenses


The United States Department of Education and the Department of Homeland Security (DHS) were urged this week to more aggressively tighten cybersecurity protections at K-12 schools across the nation to keep up with a massive surge of attacks.

The call to action comes from US Senators Maggie Hassan (D-NH), Kyrsten Sinema (D-AZ), Jacky Rosen (D-NV) and Chris Van Hollen (D-MD).

The call was prompted by a report from the Government Accountability Office (GAO) released Friday, which assessed that the Department of Education's current plan to address threats to primary and secondary schools, published in 2010, is significantly outdated and primarily focused on mitigating physical threats.

“Primary and secondary schools increasingly face cyberattacks from a diverse set of actors, largely driven by the rapid rise of ransomware,” the four US senators said.

“According to a database of publicly reported cybersecurity incidents in primary and secondary schools, 2019 saw nearly three times more incidents than in 2018, and 2020 saw a further 18% increase over 2019. These incidents include ransomware attacks on school districts of New Hampshire, Nevada, Arizona and Maryland.”

For context on ransomware’s impact on U.S. education institutions throughout 2021, ransomware attacks have disrupted education at nearly 1,000 universities, colleges, and schools since the beginning of the year, according to Brett Callow, Emsisoft Threat Analyst.

Although this number is lower than in 2020 (when 1,681 educational institutions were hit), it’s mainly because ransomware attacks hit smaller school districts this year.

Recommendations and measures to strengthen K-12 cybersecurity

The GAO found that the two government agencies provided K-12 schools with programs, services and support (e.g., incident response assistance, network monitoring tools, and guidance for parents and students) designed to help defend against these ongoing attacks.

However, K-12 education clearly needs further support, as evidenced by the growing number of successful cybersecurity breaches affecting K-12 schools.

To address this issue, the GAO asked the Department of Education to schedule a meeting with the Cybersecurity and Infrastructure Security Agency (CISA) to decide how to update its industry-specific risk mitigation plan and determine if industry-specific guidelines are needed to address cyber threats.

“We strongly agree with the GAO’s recommendations for the Department of Education, in partnership with the DHS Cybersecurity and Infrastructure Security Agency (CISA), to update the educational facilities subsector specific plan and determine if guidance is needed specific to the subsector, and we are pleased to see that the Department of Education has shared the recommendation,” added the senators (PDF).

“An updated subsector-specific plan will help the Department of Education and DHS prioritize IT and non-IT risks to the education subsector, while subsector-specific guidance would help primary and secondary schools make better use of existing information security management frameworks and to implement best practices.”

The two agencies were also urged to establish a coordinating council for educational facilities to encourage better coordination between federal, state, local and private sector groups that support K-12 schools.

According to the senators, this would further strengthen their protection against cyber attacks, just as was the case in the Electoral Infrastructure subsector.

