IT Infrastructure & Management

Ed-Tech Companies Are Vulnerable to Cyberattacks. A New Federal Effort Wants to Help

By Alyson Klein — May 02, 2024 4 min read
Image of lock on binary code background.
  • Save to favorites
  • Print

The U.S. Department of Education is teaming up with the University of California at Berkeley’s Center for Long-Term Cybersecurity on an initiative to improve collaboration between schools’ education technology vendors and cybersecurity experts.

The goal: To stem the tidal wave of attacks on districts, which increasingly originate from the platforms, applications, and other technology schools use for teaching, learning, operations, and more.

The initiative—known as the Partnership for Advancing Cybersecurity in Education, or PACE—will hold a summit in October bringing together cybersecurity experts and ed-tech vendors.

“By uniting the expertise of cybersecurity professionals with the innovation of key ed-tech vendors, we can help proactively address cyber vulnerabilities before they lead to ransomware attacks that disrupt students’ learning, school operations, and compromise sensitive student data,” U.S. Deputy Secretary of Education Cindy Marten said in a statement. “This partnership will develop actionable insights to enhance the resilience of the ed-tech sector, ensuring that our educational tools are not only effective but secure.”

Cyberattacks, which can cost districts millions of dollars and days or weeks of missed learning time, are becoming an increasingly severe problem for school districts.

Eighty percent of K-12 schools have been targeted by ransomware in the past year, according to a survey of IT professionals conducted last year by Sophos, a cybersecurity firm. That’s a higher percentage than any other industry surveyed, including health care and financial services.

What’s more, education tech leaders around the country recently named cybersecurity as their top priority for the seventh year in a row, in a survey of 980 K-12 tech officials, conducted by the Consortium for School Networking, or CoSN.

The problem has intensified as districts across the country adopted new ed-tech tools, in part to enable virtual learning during the pandemic. Bringing in new platforms and products made districts increasingly susceptible to attacks.

In fact, 55 percent of K-12 school data breaches between 2016 and 2021 were carried out on ed-tech vendors, according to data provided by the department. That included attacks on large, well-resourced districts, such as New York City public schools.

The PACE initiative’s October event will include discussion of so-called “secure-by-design principles,” which call for products and applications to embrace features such as multi-factor authentication and single sign-on, as a standard practice, and at no additional cost to districts.

The event will also consider other long-term solutions for common product vulnerabilities.

“PACE aims to lift and shift some of the burden for managing cyber risk from school district leaders to the key ed-tech providers whose systems districts rely on every day for teaching, learning, and operations,” said Sarah Powazek, the program director of Public Interest Cybersecurity at the Center for Long-Term Cybersecurity, in a statement. “K-12 leaders will play a critical advisory role by highlighting cybersecurity pain points and vetting recommendations” that emerge from the PACE event.

Educators interested in learning more can email pace@berkeley.edu for information.

Multiple efforts to combat cyberattacks against schools

This is not the department’s only recent action to combat cybercrime in schools.

In March, the agency launched a council to help K-12 schools strengthen their cybersecurity practices.

Other federal agencies responsible for internet connectivity in schools also see cybersecurity as a top concern.

Jessica Rosenworcel, the chair of the Federal Communications Commission, has proposed a pilot program that would provide up to $200 million in competitive grants over three years to help schools and libraries guard against cyberthreats, which have become increasingly sophisticated in recent years.

But the federal government hasn’t always been so attentive to this issue. A 2022 report by the Government Accountability Office found that the federal government, including the Education Department, had largely dropped the ball on some key steps to help schools prevent, plan for, and deal with these attacks.

Keith Krueger, the chief executive officer of CoSN, applauded the department’s direction.

“It sounds like a great idea to get technical support to companies” on cybersecurity, he said. “There’s so many new and emerging companies that need help in this area.”

Doug Levin, the co-founder and national director of the K12 Security Information Exchange, agreed.

“There’s no question that for under-resourced school systems focusing on their supply chain, the vendors that they rely on everything in the classroom as well as the back office is smart and important.”

And he liked that ed-tech companies will get to opt in to the conversation. “I think it’s pretty appropriate to start with voluntary efforts like this,” he said.

But he warned that stopping attacks on vendors is no easy feat. “All it takes is the weakest link in the chain” to cause an attack.

Jun Kim, the director of technology for Oklahoma’s Moore Public Schools and an Education Week Leader to Learn From, is optimistic that the initiative can get ed- tech companies on the same page when it comes to cybersecurity.

“I hope that these companies can work past the ‘mine, mine mentality’ to say, ‘we are actually going to do something about it’ and shake hands with that other company and find that meeting place and, say ‘this is the standard.’ I hope they can get there. I think they will.”

Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Reading & Literacy Webinar
(Re)Focus on Dyslexia: Moving Beyond Diagnosis & Toward Transformation
Move beyond dyslexia diagnoses & focus on effective literacy instruction for ALL students. Join us to learn research-based strategies that benefit learners in PreK-8.
Content provided by EPS Learning
Classroom Technology Live Online Discussion A Seat at the Table: Is AI Out to Take Your Job or Help You Do It Better?
With all of the uncertainty K-12 educators have around what AI means might mean for the future, how can the field best prepare young people for an AI-powered future?
Special Education K-12 Essentials Forum Understanding Learning Differences
Join this free virtual event for insights that will help educators better understand and support students with learning differences.

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

IT Infrastructure & Management Sizing Up the Risks of Schools' Reliance on the 'Internet of Things'
Technology is now critical to both the learning and business operations of schools.
1 min read
Vector image of an open laptop with octopus tentacles reaching out of the monitor around a triangle icon with an exclamation point in the middle of it.
DigitalVision Vectors
IT Infrastructure & Management How Schools Can Survive a Global Tech Meltdown
The CrowdStrike incident this summer is a cautionary tale for schools.
8 min read
Image of students taking a test.
smolaw11/iStock/Getty
IT Infrastructure & Management What Districts Can Do With All Those Old Chromebooks
The Chromebooks and tablets districts bought en masse early in the pandemic are approaching the end of their useful lives.
3 min read
Art and technology teacher Jenny O'Sullivan, right, shows students a video they made, April 15, 2024, at A.D. Henderson School in Boca Raton, Fla. While many teachers nationally complain their districts dictate textbooks and course work, the South Florida school's administrators allow their staff high levels of classroom creativity...and it works.
Art and technology teacher Jenny O'Sullivan, right, shows students a video they made on April 15, 2024, at A.D. Henderson School in Boca Raton, Fla. After districts equipped every student with a device early in the pandemic, they now face the challenge of recycling or disposing of the technology responsibly.
Wilfredo Lee/AP
IT Infrastructure & Management Los Angeles Unified's AI Meltdown: 5 Ways Districts Can Avoid the Same Mistakes
The district didn't clearly define the problem it was trying to fix with AI, experts say. Instead, it bought into the hype.
10 min read
Image of the complexities of Artificial Intelligence.
Kotryna Zukauskaite for Education Week