WASHINGTON, D.C. – A bipartisan bill authored by U.S. Senator Gary Peters (MI), Chairman of the Homeland Security and Governmental Affairs Committee, to enhance cybersecurity assistance to K-12 educational institutions across the country has been signed into law. Chairman Peters joined President Biden at the White House for the bill signing. Schools are responsible for securing a considerable amount of sensitive records related to their students and employees, including student grades, family records, medical histories, and employment information. The bill will help educational institutions bolster their cybersecurity protections by instructing the Cybersecurity and Infrastructure Security Agency (CISA) to examine the risks and challenges that schools face in securing their systems. Using their findings, CISA is charged with creating cybersecurity recommendations and other voluntary resources for schools to use when implementing their cybersecurity solutions.
“As malicious cybercriminals continue to target the network of K-12 schools across the nation – the federal government needs to provide them with the resources needed to protect themselves from hackers,” said Senator Peters. “I’m grateful to President Biden for signing this important, bipartisan bill into law so our nation’s cybersecurity experts can better understand school specific risks and help safeguard the information technology systems of K-12 schools, as well as the personal information of our dedicated educators, students, and school staff. As Chairman of the Homeland Security and Governmental Affairs Committee, I’ll continue leading efforts to fight back against cyber-attacks that disrupt lives and livelihoods, and hold foreign adversaries and cybercriminals accountable for targeting American networks.”
Cyber-attacks on schools increased over the past year as Americans’ daily lives and classrooms moved online during the pandemic, including attacks against schools in Michigan. In one attack on Walled Lake Consolidated Schools, hackers successfully accessed records and posted information online. In 2018, Johannesburg-Lewiston Area Schools in Michigan were targeted by a malicious ransomware attack that temporarily shut down the district’s systems. In Florida, hackers successfully stole thousands of files from Broward County’s School District systems earlier this year.
The K-12 Cybersecurity Act directs CISA to work with teachers, school administrators, other federal departments and private sector organizations to complete a study of cybersecurity risks specific to K-12 educational institutions, including risks related to securing sensitive student and employee records and challenges related to remote learning. Following the completion of that study, the law directs CISA to develop cybersecurity recommendations and an online toolkit to help schools improve their cybersecurity hygiene. These voluntary tools would be made available on the Department of Homeland Security (DHS) website along with other DHS school safety information.
The K-12 Cybersecurity Act has been endorsed by the Michigan Association for Computer Users in Learning, Michigan Association of School Boards, Consortium for School Networking, School Superintendents Association, National Association of Secondary School Principals and the American Federation of Teachers.
Below are statements of support for the legislation:
“The Michigan Association of School Boards applauds Senator Gary Peters for leading this bipartisan effort that will address cyber security for our school districts,” said Don Wotruba, Executive Director of the Michigan Association of School Boards. “We look forward to additional resources from the federal government and guidance from the Cybersecurity and Infrastructure Security Agency that will help us combat this serious issue, which puts the personal information of our students and faculty at risk.”
“MACUL welcomes the passage of the K-12 Cybersecurity Act and commends Senator Peters' for his bipartisan leadership to address this time-sensitive need,” said Mark Smith, Executive Director of the Michigan Association for Computer Users in Learning (MACUL). “This bipartisan effort will help leaders at all levels of government better understand how to best protect school's computer networks and sensitive data from external threats. The Act takes an important step closer to ensuring that schools have the assistance they need to better protect students' and educators' confidential information."
“K-12 school systems across Michigan are responsible for collecting and storing the personal information of thousands of students and faculty. Constant attempts to steal this information by hackers who are supported by powerful resources are one of our primary concerns,” said Kevin D. Miller, Ph.D, Superintendent, St. Clair County Regional Educational Service Agency. “I’m grateful to Senator Peters for leading this effort that will give organizations like ours resources we currently lack to fend off these attacks and defend our networks.”
“As cyber-attacks on schools continue to increase during the pandemic and beyond, we applaud Senator Peters and Scott for their efforts and are thrilled to see bipartisan legislation pass through Congress that would make recommendations and provide voluntary tools to districts on how to improve their cybersecurity hygiene and allow them to better safeguard the personal information of students and facility in K-12 schools around the nation,” said Sasha Pudelski, Director of Advocacy, AASA, The School Superintendents Association
“Improved federal, state and local government collaboration is needed to stop the recent flood of cyber-attacks on schools,” said Keith Krueger, CEO of the Consortium for School Networking (CoSN). “CoSN appreciates Senators Peters’ and Senator Scott’s work to secure passage of the K-12 Cybersecurity Act. This legislation recognizes that the United States desperately needs a swift and comprehensive assessment of the network security challenges school districts face, coupled with a commitment to provide the additional tools and technical assistance required to better protect students' and educators' confidential data."
###