SETDA Report Calls for State Education Agencies to Take Lead on Cybersecurity, More Sustained Funding

SETDA, a national association of U.S. ed tech and IT leaders, on Wednesday released its first Cybersecurity and Privacy Collaborative “landscape scan” calling on federal policymakers and state and local education leaders to work together to increase information sharing and to commit significant, sustained resources and training to improving cybersecurity across the nation’s K–12 schools.

The Cybersecurity and Privacy Collaborative, funded by the Bill & Melinda Gates Foundation, is a professional learning community focused on K–12 cybersecurity advocacy at the state level and policy recommendations. It is part of the nonprofit SETDA, established as the State Educational Technology Directors Association in 2001 to support emerging school tech needs.

The collaborative meets bi-weekly year-round to develop resources so states and local school districts better coordinate their cybersecurity prevention efforts and more effectively leverage their limited funding, according to a SETDA news release.

The report on the current landscape of K–12 cybersecurity details critical, persistent challenges for local school districts and state education agencies; legislative needs and recommendations; and vital resources available to K–12 leaders now.

The report emphasizes the importance of state education agencies taking a bigger role in cybersecurity efforts and said the collaborative’s members are actively “working with states to further their thinking about the role of cybersecurity in the K–12 sector,” it stated. “States have a responsibility to establish cybersecurity as a priority, and ensure that schools and districts are good stewards of the student data entrusted to them.”

Members of the collaborative are calling for all state education agencies to do the following in order to ease the burden of cybersecurity on local education agencies, as stated verbatim in the report:

  • Sharing Learning and Resources: States explore their ability to share more than just guidelines and documentation. They are partnering with cybersecurity experts to create a common roadmap for LEAs.
  • Educating District and School Leaders: States can help put cybersecurity on the radar for local leaders. State leaders who prioritize communicating threats and opportunities help make cybersecurity a priority for local leaders.
  • Promoting Response and Recovery Strategies: Knowing that cyberattacks are a matter of “when” rather than “if,” states must insist that LEAs discuss and plan for how they will react when the inevitable happens and provide the resources to support recovery strategies
  • Sharing Incident Data: States would significantly increase their insight into threats and patterns if they could lessen the stigma of reporting details of a cybersecurity breach. Creative solutions are needed to allow this data to get to state leaders without greatly increasing the sphere of people who need to know about a particular system’s breach.
  • Developing Mitigation Strategies: States are working to identify a tiered list of mitigation strategies that might support districts entering the conversation at differing stages of implementation.
  • Building Collaboratives: States are making progress by sharing resources and best practices. Districts are banding together through service centers or cooperatives to supplement LEA cybersecurity expertise and help train their staff.
  • Engaging Expert Partners: States have increased K–12 expertise by partnering with state police and other public entities and organizations and companies who can provide their schools with affordable cybersecurity services.
  • Group Purchasing: There are vast economies of scale in state-wide purchasing or LEAs collaborating on cybersecurity-related services such as risk assessments, vulnerability scanning, penetration testing, and security awareness training.

In calling for greater commitment of sustained funding to cybersecurity planning, the collaborative noted that the complexity of school funding as well as a “fundamental misunderstanding” of the difference between the cost to buy ed tech and the cost to support it and keep it secure ongoing has resulted in the creation of new vulnerabilities as school districts received pandemic relief funds and purchased new devices and equipment.

“While legislation shows some movement toward investing in cybersecurity, more designated funding is necessary,” the report stated. “If investments in security measures are seen in competition with classroom instruction or student productivity, security posture is likely to be compromised.”

The collaborative noted an increase in attention to cybersecurity by state legislative bodies in 2021, citing the Consortium on School Networking’s 2021 State and Federal Cybersecurity Policy Trends report. But it is not enough, the report said: Incidents are still going unreported and secure cyber-incident information sharing is sorely needed.

It also said more training is needed, noting that many school data breaches are caused by human error, and it called for policymakers to encourage inter-agency coordination and statewide solutions.

Key Resources Available Now That Address K–12 Needs

The report noted that while many organizations and tech providers offer guidance on improving cybersecurity, most of it is not appropriate or helpful for K–12 IT environments. The report listed the following guides and nonprofits whose expertise is particularly suited to public school challenges and needs:

Download the full K–12 cybersecurity landcape report at the SETDA website or visit SETDA.org to learn more about the organization’s advocacy efforts.

Featured

  • An elementary school teacher and young students interact with floating holographic screens displaying colorful charts and playful data visualizations in a minimalist classroom setting

    New AI Collaborative to Explore Use of Artificial Intelligence to Improve Teaching and Learning

    Education-focused nonprofits Leading Educators and The Learning Accelerator have partnered to launch the School Teams AI Collaborative, a yearlong pilot initiative that will convene school teams, educators, and thought leaders to explore ways that artificial intelligence can enhance instruction.

  • landscape photo with an AI rubber stamp on top

    California AI Watermarking Bill Supported by OpenAI

    OpenAI, creator of ChatGPT, is backing a California bill that would require tech companies to label AI-generated content in the form of a digital "watermark." The proposed legislation, known as the "California Digital Content Provenance Standards" (AB 3211), aims to ensure transparency in digital media by identifying content created through artificial intelligence. This requirement would apply to a broad range of AI-generated material, from harmless memes to deepfakes that could be used to spread misinformation about political candidates.

  • closeup of laptop and smartphone calendars

    2024 Tech Tactics in Education Conference Agenda Announced

    Registration is free for this fully virtual Sept. 25 event, focused on "Building the Future-Ready Institution" in K-12 and higher education.

  • cloud icon connected to a data network with an alert symbol (a triangle with an exclamation mark) overlaying the cloud

    U.S. Department of Commerce Proposes Reporting Requirements for AI, Cloud Providers

    The United States Department of Commerce is proposing a new reporting requirement for AI developers and cloud providers. This proposed rule from the department's Bureau of Industry and Security (BIS) aims to enhance national security by establishing reporting requirements for the development of advanced AI models and computing clusters.