IT Infrastructure & Management

Ed-Tech Companies Are Vulnerable to Cyberattacks. A New Federal Effort Wants to Help

By Alyson Klein — May 02, 2024 4 min read
Image of lock on binary code background.
  • Save to favorites
  • Print

The U.S. Department of Education is teaming up with the University of California at Berkeley’s Center for Long-Term Cybersecurity on an initiative to improve collaboration between schools’ education technology vendors and cybersecurity experts.

The goal: To stem the tidal wave of attacks on districts, which increasingly originate from the platforms, applications, and other technology schools use for teaching, learning, operations, and more.

The initiative—known as the Partnership for Advancing Cybersecurity in Education, or PACE—will hold a summit in October bringing together cybersecurity experts and ed-tech vendors.

“By uniting the expertise of cybersecurity professionals with the innovation of key ed-tech vendors, we can help proactively address cyber vulnerabilities before they lead to ransomware attacks that disrupt students’ learning, school operations, and compromise sensitive student data,” U.S. Deputy Secretary of Education Cindy Marten said in a statement. “This partnership will develop actionable insights to enhance the resilience of the ed-tech sector, ensuring that our educational tools are not only effective but secure.”

Cyberattacks, which can cost districts millions of dollars and days or weeks of missed learning time, are becoming an increasingly severe problem for school districts.

Eighty percent of K-12 schools have been targeted by ransomware in the past year, according to a survey of IT professionals conducted last year by Sophos, a cybersecurity firm. That’s a higher percentage than any other industry surveyed, including health care and financial services.

What’s more, education tech leaders around the country recently named cybersecurity as their top priority for the seventh year in a row, in a survey of 980 K-12 tech officials, conducted by the Consortium for School Networking, or CoSN.

The problem has intensified as districts across the country adopted new ed-tech tools, in part to enable virtual learning during the pandemic. Bringing in new platforms and products made districts increasingly susceptible to attacks.

In fact, 55 percent of K-12 school data breaches between 2016 and 2021 were carried out on ed-tech vendors, according to data provided by the department. That included attacks on large, well-resourced districts, such as New York City public schools.

The PACE initiative’s October event will include discussion of so-called “secure-by-design principles,” which call for products and applications to embrace features such as multi-factor authentication and single sign-on, as a standard practice, and at no additional cost to districts.

The event will also consider other long-term solutions for common product vulnerabilities.

“PACE aims to lift and shift some of the burden for managing cyber risk from school district leaders to the key ed-tech providers whose systems districts rely on every day for teaching, learning, and operations,” said Sarah Powazek, the program director of Public Interest Cybersecurity at the Center for Long-Term Cybersecurity, in a statement. “K-12 leaders will play a critical advisory role by highlighting cybersecurity pain points and vetting recommendations” that emerge from the PACE event.

Educators interested in learning more can email pace@berkeley.edu for information.

Multiple efforts to combat cyberattacks against schools

This is not the department’s only recent action to combat cybercrime in schools.

In March, the agency launched a council to help K-12 schools strengthen their cybersecurity practices.

Other federal agencies responsible for internet connectivity in schools also see cybersecurity as a top concern.

Jessica Rosenworcel, the chair of the Federal Communications Commission, has proposed a pilot program that would provide up to $200 million in competitive grants over three years to help schools and libraries guard against cyberthreats, which have become increasingly sophisticated in recent years.

But the federal government hasn’t always been so attentive to this issue. A 2022 report by the Government Accountability Office found that the federal government, including the Education Department, had largely dropped the ball on some key steps to help schools prevent, plan for, and deal with these attacks.

Keith Krueger, the chief executive officer of CoSN, applauded the department’s direction.

“It sounds like a great idea to get technical support to companies” on cybersecurity, he said. “There’s so many new and emerging companies that need help in this area.”

Doug Levin, the co-founder and national director of the K12 Security Information Exchange, agreed.

“There’s no question that for under-resourced school systems focusing on their supply chain, the vendors that they rely on everything in the classroom as well as the back office is smart and important.”

And he liked that ed-tech companies will get to opt in to the conversation. “I think it’s pretty appropriate to start with voluntary efforts like this,” he said.

But he warned that stopping attacks on vendors is no easy feat. “All it takes is the weakest link in the chain” to cause an attack.

Jun Kim, the director of technology for Oklahoma’s Moore Public Schools and an Education Week Leader to Learn From, is optimistic that the initiative can get ed- tech companies on the same page when it comes to cybersecurity.

“I hope that these companies can work past the ‘mine, mine mentality’ to say, ‘we are actually going to do something about it’ and shake hands with that other company and find that meeting place and, say ‘this is the standard.’ I hope they can get there. I think they will.”

Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Budget & Finance Webinar
Innovative Funding Models: A Deep Dive into Public-Private Partnerships
Discover how innovative funding models drive educational projects forward. Join us for insights into effective PPP implementation.
Content provided by Follett Learning
Budget & Finance Webinar Staffing Schools After ESSER: What School and District Leaders Need to Know
Join our newsroom for insights on investing in critical student support positions as pandemic funds expire.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Student Achievement Webinar
How can districts build sustainable tutoring models before the money runs out?
District leaders, low on funds, must decide: broad support for all or deep interventions for few? Let's discuss maximizing tutoring resources.
Content provided by Varsity Tutors for Schools

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

IT Infrastructure & Management Leader To Learn From Through Wars, Tornadoes, and Cyberattacks, He's a Guardian of Student Privacy
Jun Kim, the technology director in Moore, Okla., works to make the most of innovations—without endangering student data.
11 min read
Jun Kim, Director of Technology for Moore Public Schools, center, leads a data privacy review meeting on Dec. 13, 2023 in Moore, Okla.
Jun Kim, director of technology for the Moore public schools in Moore, Okla., leads a data privacy review for staff.
Brett Deering for Education Week
IT Infrastructure & Management One Solution to Maintaining 1-to-1 Devices? Pay Students to Repair Them
Hiring students to help with the repair process is one way school districts are ensuring the sustainability of their 1-to-1 programs.
4 min read
Sawyer Wendt, a student intern for the Altoona school district’s IT department, repairs a Chromebook.
Sawyer Wendt, who's been a student intern for the Altoona district's tech department since junior year, is now studying IT software development in college.
Courtesy of Jevin Stangel, IT technician for the Altoona school district
IT Infrastructure & Management Schools Get Relief on Chromebook Replacements. Google Extends Device Support to 10 Years
Schools have typically had to replace Chromebooks every three to five years.
4 min read
Photo of teacher working with student on laptop computer.
iStock / Getty Images Plus
IT Infrastructure & Management What We Know About District Tech Leaders, in Charts
Male chief technology officers in K-12 tend to come from technological backgrounds while most female tech leaders are former teachers.
1 min read
Illustration concept of leadership, using wooden cut-out figures and arrows.
Liz Yap/Education Week via Canva