Federal Legislation Would Create K-12 Cybersecurity Improvement Program, Incident Registry

A new bill filed in both houses of Congress Wednesday by U.S. Rep. Doris Matsui (D-CA), Rep. Zach Nunn (R-IA), Sen. Marsha Blackburn (R-TN), and Sen. Mark Warner (D-VA) would direct CISA to create a cybersecurity information exchange for K–12 schools, a voluntary incident registry, and a “Cybersecurity Technology Improvement Program” funded at $10 million per year for the next two years.

The bill, titled “Enhancing K–12 Cybersecurity Act,” was previously introduced during the 2021 Congress and never made it out of committee. Since then, cyber attacks targeting K–12 school districts have expanded ten-fold. Last year, ransomware attacks targeting K–12 schools worldwide grew at an “absolutely massive” rate of 827% over 2021, according to SonicWall’s 2023 Cyber Threat Report.

The reintroduced legislation — assigned bill number 1191 in the Senate and still awaiting assignment in the House early Thursday — will now go to the Homeland Security and Governmental Affairs committees in each chamber for consideration and debate. 

The bill calls for the following:

  • K–12 Cybersecurity Information Exchange: The legislation directs the Cybersecurity and Infrastructure Security Agency Director to establish a Cybersecurity Information Exchange to disseminate information, best practices, and grant opportunities to improve cybersecurity.

  • K–12 Cybersecurity Incident Registry: The legislation establishes a Cybersecurity Incident Registry within CISA to track incidents of cyberattacks on elementary and secondary schools. Information submitted to the Registry is strictly voluntary and will help improve data collection to coordinate activities related to the nationwide monitoring of the incidence and financial impact of cyberattacks.

  • K–12 Cybersecurity Technology Improvement Program: The bill directs CISA to establish the K–12 Cybersecurity Technology Improvement Program to be administered through an information and analysis organization to deploy cybersecurity capabilities that will help address cybersecurity risks and threats to information systems of K–12 schools. This approach will capitalize on the existing services and expertise of organizations like MS-ISAC & others to ensure maximum impact of funds. The bill authorizes $10 million per year for FYs ‘24 & ‘25 to fund the Technology Improvement Program.

Find the full text of the Enhancing K–12 Cybersecurity Act at Matsui’s website.

A number of cybersecurity and ed tech organizations are supporting the proposed legislation, including National Association of Secondary School Principals, National Association of Elementary School Principals, Council of Chief State School Officers, National Association of State Chief Information Officers, State Educational Technology Directors Association, and Consortium for School Networking, according to a news release.

“From ransomware to data breaches, cyberattacks targeting our K–12 schools are growing increasingly sophisticated and common, necessitating a robust response to keep our students and teachers safe,” said Matsui, ranking member of the House Energy and Commerce Subcommittee on Communications and Technology. “Cybercriminals are rapidly evolving their strategies to cause chaos and disruption, yet a lack of resources for our schools is forcing them to do more with less. The Enhancing K–12 Cybersecurity Act would establish a crucial roadmap to prepare our K–12 cyber infrastructure for future attacks.”

“When I was working on the White House’s National Security Council, I witnessed firsthand how important it is to prioritize cybersecurity. With these crimes on the rise, it’s imperative that we provide our schools with the tools to keep students’ information secure,” said Nunn. 

“Cyberattacks continue to grow in size, frequency, and complexity in critical U.S. institutions, including in America’s schools,” said Blackburn. “We must ensure that our education sector is equipped to address these threats and keep students’ personal information private. This bipartisan and bicameral legislation will improve the cybersecurity tracking system for schools and provide them with necessary training resources and best practices for prevention.”

“As cyberattacks continue to expose private information and disrupt infrastructure across industries, including in education, with increased frequency, we must ensure that schools are in the best position possible to prevent and respond to attacks,” said Warner. “This legislation will put in place necessary procedures to protect our students’ data and keep sensitive information private.”

“Cyberattacks disrupt learning, waste taxpayers’ money, and threaten the sensitive personal data of students and teachers,” said CoSN CEO Keith Krueger. “CoSN strongly supports the Enhancing K–12 Cybersecurity Act and commends Reps. Matsui and Nunn and Sens. Blackburn and Warner for stepping forward to protect our schools. Congress should act quickly to help communities address this growing threat.”

Learn more at CoSN.org.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • An elementary school teacher and young students interact with floating holographic screens displaying colorful charts and playful data visualizations in a minimalist classroom setting

    New AI Collaborative to Explore Use of Artificial Intelligence to Improve Teaching and Learning

    Education-focused nonprofits Leading Educators and The Learning Accelerator have partnered to launch the School Teams AI Collaborative, a yearlong pilot initiative that will convene school teams, educators, and thought leaders to explore ways that artificial intelligence can enhance instruction.

  • landscape photo with an AI rubber stamp on top

    California AI Watermarking Bill Supported by OpenAI

    OpenAI, creator of ChatGPT, is backing a California bill that would require tech companies to label AI-generated content in the form of a digital "watermark." The proposed legislation, known as the "California Digital Content Provenance Standards" (AB 3211), aims to ensure transparency in digital media by identifying content created through artificial intelligence. This requirement would apply to a broad range of AI-generated material, from harmless memes to deepfakes that could be used to spread misinformation about political candidates.

  • closeup of laptop and smartphone calendars

    2024 Tech Tactics in Education Conference Agenda Announced

    Registration is free for this fully virtual Sept. 25 event, focused on "Building the Future-Ready Institution" in K-12 and higher education.

  • cloud icon connected to a data network with an alert symbol (a triangle with an exclamation mark) overlaying the cloud

    U.S. Department of Commerce Proposes Reporting Requirements for AI, Cloud Providers

    The United States Department of Commerce is proposing a new reporting requirement for AI developers and cloud providers. This proposed rule from the department's Bureau of Industry and Security (BIS) aims to enhance national security by establishing reporting requirements for the development of advanced AI models and computing clusters.