New federal initiative aims to bolster edtech cybersecurity

The Center for Long-Term Cybersecurity (CLTC) and the U.S. Department of Education announced on May 2 the Partnership for Advancing Cybersecurity in Education (PACE) — an initiative to improve the defensibility and resilience of K-12 digital infrastructure by fostering collaboration between education technology vendors and cybersecurity experts.

PACE — not be confused with the Policy Analysis for California Education — will develop “actionable insights” to improve the resilience of the education technology (edtech) sector in the face of increasing cyber threats to K-12 schools, officials said. Edtech tools are fundamental to managing private and confidential information essential to day-to-day school operations, including maintaining student health, attendance, contact, financial and disciplinary records.

However, alongside increasing edtech adoption has come a tripling of estimated attack surfaces for cybersecurity threats to emerge. Yet edtech products are not always designed with cybersecurity considerations in mind. As a result, 55 percent of K-12 school data breaches between 2016 and 2021 were carried out on edtech vendors, according to officials.

Among PACE’s efforts will be a mobilization of edtech companies to enhance the cybersecurity of their products through active engagement and collaboration with the cybersecurity community.

“By uniting the expertise of cybersecurity professionals with the innovation of key edtech vendors, we can help proactively address cyber vulnerabilities before they lead to ransomware attacks that disrupt students’ learning, school operations, and compromise sensitive student data,” U.S. Deputy Secretary of Education Cindy Marten said in announcing the initiative. “This partnership will develop actionable insights to enhance the resilience of the edtech sector, ensuring that our educational tools are not only effective but secure. By focusing on securing the edtech products that all school districts need for their operations, PACE can help to drive cybersecurity benefits at scale for the 14,000 school districts and the millions of students they serve across the U.S.”

The cybersecurity needs of local educational agencies were a major topic during the 2024 ACSA-CSBA Coast2Coast Federal Advocacy Trip, where trustees from across California met with leaders including Marten to discuss a host of educational priorities that federal policymakers should support to improve student achievement, well-being and more.

In October, PACE will convene an edtech summit, bringing together cybersecurity experts, edtech vendors and stakeholders to discuss cybersecurity, the benefits of secure-by-design principles and to look ahead at addressing product vulnerabilities that will improve the security of America’s K-12 digital infrastructure for millions of students and educators.

“No student or parent should have to worry about their sensitive information being leaked online,” said Sarah Powazek, program director of Public Interest Cybersecurity at CLTC. “This partnership will help protect U.S. schools by strengthening the technology products they most depend on. By collaborating with a few upstream vendors, we have the potential to help K-12 institutions better defend against ransomware attacks that disrupt school operations and compromise sensitive student data.”