Federal leaders announce K-12 cybersecurity guidance, resources and more

White House officials and the departments of Education and Homeland Security announced on Aug. 6 public and private initiatives to strengthen K-12 cyber defenses, as well as new guidance documents highlighting cybersecurity recommendations and promising practices from states and districts across the country.

Jointly released with the Cybersecurity and Infrastructure Security Agency (CISA), the documents aim to assist educational leaders in building and sustaining core digital infrastructure for learning.

Officials also said they would establish a government coordinating council to organize cybersecurity activities and communications. This collaboration among federal, state and local leaders seeks to bolster protections against and responses to cyberattacks.

″Just as we expect everyone in a school system to plan and prepare for physical risks, we must now also ensure everyone helps plan and prepare for digital risks in our schools and classrooms,” U.S. Education Secretary Miguel Cardona said in a statement.

Schools across the country have experienced an increase in cyberattacks in recent years. In 2022–23 alone, at least eight K-12 school districts throughout the country were impacted. In four cases, schools were forced to cancel classes or close completely. In addition to disrupting school operations, cyberattacks have also impacted students, families, teachers and administrators. Sensitive personal information — including grades, medical records, documented home issues, behavioral information and financial information — of students and employees were stolen and publicly disclosed, as was sensitive information about school security systems.

Among the recently announced actions and resources to strengthen K-12 cybersecurity:

  • Federal Communications Commission Chairwoman Jessica Rosenworcel is proposing establishing a pilot program under the Universal Service Fund to provide up to $200 million over three years to strengthen cyber defenses in K-12 schools and libraries in tandem with other federal agencies that have deep expertise in cybersecurity.
  • The U.S. Department of Education will establish a Government Coordinating Council that will coordinate activities, policy and communications between federal, state, local tribal and territorial education leaders to strengthen the cyber defenses and resilience of K-12 schools. This ongoing collaboration between all levels of government and the education sector is a key first step in the strategy to protect schools and districts from cybersecurity threats and for supporting districts in preparing for, responding to and recovering from cybersecurity attacks, according to officials.
  • CISA plans to conduct 12 K-12 cybersecurity training exercises this year, averaging one per month, and is currently soliciting exercise requests from government and critical infrastructure partners, including the K-12 community.
  • The Federal Bureau of Investigation and the National Guard Bureau are releasing updated resource guides to ensure state government and education officials know how to report cybersecurity incidents and can leverage the federal government’s cyber defense capabilities.

Additionally, several education technology providers are committing to providing free and low-cost resources to school districts, including:

  • Amazon Web Services (AWS) is committing $20 million for a K-12 cyber grant program available to all districts and state departments of education; free security training offerings tailored to K-12 IT staff; and no-cost incident response assistance in the event a school district experiences a cyberattack. AWS will also provide free well-architected security reviews to U.S. education technology companies providing mission-critical applications to the K-12 community.
  • Cloudflare, through its Project Cybersafe Schools, will offer a suite of free Zero Trust cybersecurity solutions to public school districts under 2,500 students, to give small school districts faster, safer online browsing and email security.
  • PowerSchool, a provider of cloud-based K-12 software for 80 percent of U.S. districts, will provide new free and subsidized “security as a service” courses, training, tools and resources to all U.S. schools and districts.
  • Google released an updated “K-12 Cybersecurity Guidebook” for schools on the most effective and impactful steps education systems can take to ensure the security of their Google hardware and software applications.
  • D2L, a learning platform company, is committing to providing access to new cybersecurity courses in collaboration with trusted third parties; extending its information security review for the core D2L integration partners; and pursuing additional third-party validation of D2L compliance with security standards.

Prior to these announcements, the Biden-Harris Administration unveiled the National Cyber Workforce and Education Strategy, a comprehensive approach aimed at addressing both immediate and long-term cyber workforce needs. Filling the hundreds of thousands of cyber job vacancies across the country is a national security imperative, officials said in the July 31 announcement.