K–12 Cybersecurity Act Signed into Law

On Friday, Oct. 8, President Biden signed the K–12 Cybersecurity Act of 2021 into law. The act comes in response to growing data security incidents impacting K–12 schools in recent years, including a dramatic rise in ransomware and other forms of malware.

On its own, the legislation is fairly simple: It authorizes the director of the Cybersecurity and Infrastructure Security Agency (CISA) to conduct a study within 120 days of the specific risks impacting K–12 institutions. Following that, the director will develop, within 60 days, recommendations for cybersecurity guidelines for K–12 schools, based on the results of the study. And following that, within 120 days, will create an online training toolkit for "officials" at K–12 schools.

Doug Levin, national director for the nonprofit K12 Security Information Exchange (K12 SIX), noted that the new law is significant in several ways, not the least of which that it is the federal government's first formal foray into K–12 data security.

"In parallel with the rise of technology use in schools and classrooms, the cybersecurity challenges facing school districts are growing both more frequent and significant. The passage of the K-12 Cybersecurity Act of 2021 underscores the magnitude of these challenges and the importance of marshaling federal resources to address them," Levin told THE Journal. "While a handful of states — including Texas, New York and New Hampshire — have taken steps to shore up school district cybersecurity risk management practices, this act marks the first foray of the federal government into the issue. While we expect benefits from its passage, our hope is that this is only the first step in a longer legislative process to address the systemic issues that make cybersecurity risk management a particular challenge for school districts."

Levin also expressed hope that, while much work has already been done in K–12, this study will dig deeper into systemic issues in K–12 data security. "Based on research that we and others have already done, we already understand a lot about K–12 cyber incident trends and experiences. And, existing guidance from CISA, MS-ISAC, and the FBI targeted to school districts is useful for what it is. The opportunity for this study is to dig a layer deeper and shed light on the systemic issues responsible for the situation we find ourselves in — issues such as the lack of K–12 cybersecurity expectations and standards, uneven school cyber incident reporting requirements and a lack of resources to adequately protect schools from risks such as ransomware and phishing attacks. There are many common sense steps that the federal government can take that would be of help — and we at the K12 Security Information Exchange stand ready to work hand-in-hand with Congress, CISA and all other parties to make real and lasting progress on the issue."

The findings of the study, the recommendations resulting from it and the online toolkit are all to be made available through the Department of Homeland Security's website.

The recommendations developed from the study, according to the text of the legislation, are to be adopted by schools on a voluntary basis.

Said Levin: "It is our hope that the forthcoming study and recommendations from CISA help lay the foundation for more robust K–12-specific cybersecurity legislation in future sessions of Congress."

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • stylized human profiles, tablets, and floating icons

    From Feedback to Flexibility: 5 AI Tools Teachers Should Try

    As a fifth-grade teacher and AI School Champion in the St. Vrain Valley School District, I've seen firsthand how artificial intelligence (AI) is transforming education. Here are five AI-enabled tools I've found especially powerful in my classroom and professional practice.

  • computer monitor with a bold AI search bar on the screen

    Google Rolls Out AI Mode in Search

    About a year after introducing AI Overviews for its flagship search offering, Google has announced broad availability of AI Mode in Search.

  • portable Wi-Fi hotspot rests on a stack of books and a laptop in a library

    Senate Votes to Rescind E-Rate Program Funding Loaner WiFi Hotspots for Schools and Libraries

    The Senate has passed a joint resolution to overturn "Addressing the Homework Gap Through the E-Rate Program," a July 2024 expansion to the FCC's E-Rate program that allowed schools and libraries to utilize E-Rate resources to loan out WiFi hotspots to students, school staff, and library patrons.

  • silhouetted student stands before the White House, surrounded by abstract digital graphics of brains, circuits, and AI elements

    White House Sets Sights on AI Education

    A new executive order from President Donald Trump aims to advance America's position in artificial intelligence technology by incorporating AI into education and providing AI training for educators.