The U.S. Department of Education is teaming up with the University of California at Berkeley鈥檚 Center for Long-Term Cybersecurity on an initiative to improve collaboration between schools鈥 education technology vendors and cybersecurity experts.
The goal: To stem the tidal wave of attacks on districts, which increasingly originate from the platforms, applications, and other technology schools use for teaching, learning, operations, and more.
The initiative鈥攌nown as the Partnership for Advancing Cybersecurity in Education, or PACE鈥攚ill hold a summit in October bringing together cybersecurity experts and ed-tech vendors.
鈥淏y uniting the expertise of cybersecurity professionals with the innovation of key ed-tech vendors, we can help proactively address cyber vulnerabilities before they lead to ransomware attacks that disrupt students鈥 learning, school operations, and compromise sensitive student data,鈥 U.S. Deputy Secretary of Education Cindy Marten said in a statement. 鈥淭his partnership will develop actionable insights to enhance the resilience of the ed-tech sector, ensuring that our educational tools are not only effective but secure.鈥
Cyberattacks, which can cost districts millions of dollars and days or weeks of missed learning time, are becoming an increasingly severe problem for school districts.
Eighty percent of K-12 schools have been targeted by ransomware in the past year, according to a survey of IT professionals conducted last year by Sophos, a cybersecurity firm. That鈥檚 a higher percentage than any other industry surveyed, including health care and financial services.
What鈥檚 more, education tech leaders around the country recently named cybersecurity as their top priority for the seventh year in a row, in a conducted by the Consortium for School Networking, or CoSN.
The problem has intensified as districts across the country adopted new ed-tech tools, in part to enable virtual learning during the pandemic. Bringing in new platforms and products made districts increasingly susceptible to attacks.
In fact, 55 percent of K-12 school data breaches between 2016 and 2021 were carried out on ed-tech vendors, according to data provided by the department. That included attacks on large, well-resourced districts, such as New York City public schools.
The PACE initiative鈥檚 October event will include discussion of so-called 鈥,鈥 which call for products and applications to embrace features such as multi-factor authentication and single sign-on, as a standard practice, and at no additional cost to districts.
The event will also consider other long-term solutions for common product vulnerabilities.
鈥淧ACE aims to lift and shift some of the burden for managing cyber risk from school district leaders to the key ed-tech providers whose systems districts rely on every day for teaching, learning, and operations,鈥 said Sarah Powazek, the program director of Public Interest Cybersecurity at the Center for Long-Term Cybersecurity, in a statement. 鈥淜-12 leaders will play a critical advisory role by highlighting cybersecurity pain points and vetting recommendations鈥 that emerge from the PACE event.
Educators interested in learning more can email pace@berkeley.edu for information.
Multiple efforts to combat cyberattacks against schools
This is not the department鈥檚 only recent action to combat cybercrime in schools.
In March, the agency launched a council to help K-12 schools strengthen their cybersecurity practices.
Other federal agencies responsible for internet connectivity in schools also see cybersecurity as a top concern.
Jessica Rosenworcel, the chair of the Federal Communications Commission, has proposed a pilot program that would provide up to $200 million in competitive grants over three years to help schools and libraries guard against cyberthreats, which have become increasingly sophisticated in recent years.
But the federal government hasn鈥檛 always been so attentive to this issue. A 2022 report by the Government Accountability Office found that the federal government, including the Education Department, had largely dropped the ball on some key steps to help schools prevent, plan for, and deal with these attacks.
Keith Krueger, the chief executive officer of CoSN, applauded the department鈥檚 direction.
鈥淚t sounds like a great idea to get technical support to companies鈥 on cybersecurity, he said. 鈥淭here鈥檚 so many new and emerging companies that need help in this area.鈥
Doug Levin, the co-founder and national director of the , agreed.
鈥淭here鈥檚 no question that for under-resourced school systems focusing on their supply chain, the vendors that they rely on everything in the classroom as well as the back office is smart and important.鈥
And he liked that ed-tech companies will get to opt in to the conversation. 鈥淚 think it鈥檚 pretty appropriate to start with voluntary efforts like this,鈥 he said.
But he warned that stopping attacks on vendors is no easy feat. 鈥淎ll it takes is the weakest link in the chain鈥 to cause an attack.
Jun Kim, the director of technology for Oklahoma鈥檚 Moore Public Schools and an 澳门跑狗论坛 Leader to Learn From, is optimistic that the initiative can get ed- tech companies on the same page when it comes to cybersecurity.
鈥淚 hope that these companies can work past the 鈥榤ine, mine mentality鈥 to say, 鈥榳e are actually going to do something about it鈥 and shake hands with that other company and find that meeting place and, say 鈥榯his is the standard.鈥 I hope they can get there. I think they will.鈥