On January 24, 2023, the Cyber Security and Infrastructure Security Agency (CISA) released a report called “Partnering to Safeguard K-12 Organizations from Cybersecurity Threats,” for K-12 institutions to help protect them against cybersecurity threats. Alongside the report, CISA shared a toolkit containing recommendations and resources for building, operating, and maintaining a safe and protected environment for staff, students, and parents.
With the increase in technology and network advances in K-12 schools, there has been an increase in malicious cyber actors and threats targeting these organizations. The U.S. Congress has been aware of these risks and created the K-12 Cybersecurity Act of 2021, known as “The Act”, which brought CISA on to study, develop, and report on any cyber risk that could fall into the elementary and secondary school environment. As a result of CISA’s involvement, the organization released its mandated report with insight into any current threats to K-12 schools and the steps to prevent and mitigate against any future cyber-attacks.
The report’s findings emphasize the importance of deploying multifactor authentication (MFA), mitigating any known vulnerabilities (patching), testing backups, and implementing a cybersecurity training program. Further down the road, this can lead to a strong cyber security plan that also correlates with the NIST Cybersecurity Framework (CSF).
CISA released a Digital Online Toolkit to provide resources and materials for K-12 schools to implement within their environment. The toolkit is available for download and includes three recommendations for building a strong cybersecurity team.
- Invest in the most impactful security measures and build toward a mature cybersecurity team
- Recognize and actively address resource constraints
- Focus on collaboration and information sharing
CISA’s K-12 Report Emphasizes the Importance of the Following Security Practices:
- Deploying multifactor authentication (MFA)
- Mitigating any known vulnerabilities within the environment (patching)
- Establishing and testing backups regularly
- Develop and execute an Incident Response Plan periodically
- Creating a strong cybersecurity training program
- Prioritizing investments in alignment with the full list of CISA’s CPGs, and
- Developing a unique cybersecurity plan that leverages the NIST CSF CISA ensures these small steps will quickly reduce the malicious cyber threats and vulnerabilities that can infiltrate the educational environment.
CISA also exclaims a strong partnership between K-12 Education, FBI regional cybersecurity personnel, and themselves, will be resourceful for future updates on this topic.
https://www.congress.gov/bill/117th-congress/senate-bill/1917 – “The Act”
https://www.cisa.gov/sites/default/files/publications/K-12report-24Jan23.pdf – Report PDF
https://www.cisa.gov/partnering-safeguard-k-12-toolkit – The Online Toolkit (download)
https://www.cisa.gov/protecting-our-future-partnering-safeguard-k-12-organizations-cybersecurity-threats – Partnership Announcement