The U.S. Department of Education has launched a council to help K-12 schools strengthen their cybersecurity practices, the agency announced on March 28.
The “government coordinating council,” which includes representatives from federal agencies, state education departments, education technology leaders, superintendents, and principals, will be responsible for hosting cybersecurity-training activities, recommending policies, and communicating best practices to help schools respond to and recover from cybersecurity threats and attacks, according to the department.
The council is part of the federal response to K-12 schools’ cybersecurity challenges. Schools have become the leading target for cybercriminals, and for years, education organizations have advocated additional federal resources to help schools boost their network security.
Cyberattacks are costly, not just financially but also academically. The loss of learning time after a cyberattack has ranged from three days to three weeks, and recovery time from the attack can take anywhere from two to nine months, according to a 2022 U.S. Government Accountability Office report. School districts have also lost between $50,000 and $1 million per cyberattack, the report found.
“Small, rural, and even medium-sized and large districts are struggling with being understaffed and not having the expertise to handle cybersecurity,” said Keith Krueger, a member of the council and the CEO for the nonprofit Consortium for School Networking, a membership organization for district education technology leaders. “There are many opportunities for the federal government to provide value, but it can be overwhelming. No one has the time to look into every [federal] agency that could potentially help.”
Noelle Ellerson Ng, the associate executive director of advocacy and governance for AASA, The School Superintendents Association, said it’s a great sign that schools are at the table as part of the conversation on a broader cybersecurity approach. AASA nominated two superintendents to serve on the council: Heather Perry of the Gorham schools in Maine and Gustavo Balderas of the Beaverton schools in Oregon.
“The No. 1 thing I’d be looking for is a substantive conversation where it’s not just providing a forum for feedback but actually making the feedback actionable,” Ellerson Ng said.
Along with CoSN and AASA, other education groups on the council include the State Educational Technology Directors Association, the Council of the Great City Schools, and the National Association of Secondary School Principals.
The council hosted its inaugural meeting on March 28.
“This is really the beginning,” Krueger said. “This is like a giant steamship. It takes a while to turn the wheels, but we already see quite a difference. A year or two or three ago, there was very little focus on [cybersecurity] resources for K-12.”
The launch comes seven months after the White House hosted the first K-12 cybersecurity summit, where Secretary of Education Miguel Cardona and first lady Jill Biden unveiled the cybersecurity initiative that includes the government coordinating council.
As part of the White House initiative, the federal Cybersecurity and Infrastructure Security Agency will provide tailored assessments and cybersecurity training and exercises for K-12 schools. The FBI will release updated resource guides so state governments and education officials know how to report cybersecurity incidents and can leverage the federal government’s cyber-defense capabilities. Some education technology companies also made commitments to provide free or low-cost cybersecurity-training resources to school districts.
States are seeking to help schools address cyberattacks, too. States enacted nearly twice as many new cybersecurity laws with implications for education last year as they did the year before, according to a CoSN report. Many of the new laws aim to ensure that K-12 officials are addressing cybersecurity or attempting to connect districts with greater technical expertise.
