Cyber Threats

Federal Legislation Would Create K-12 Cybersecurity Improvement Program, Incident Registry

• By Kristal Kuykendall
• 04/20/23

A new bill filed in both houses of Congress Wednesday by U.S. Rep. Doris Matsui (D-CA), Rep. Zach Nunn (R-IA), Sen. Marsha Blackburn (R-TN), and Sen. Mark Warner (D-VA) would direct CISA to create a cybersecurity information exchange for K–12 schools, a voluntary incident registry, and a “Cybersecurity Technology Improvement Program” funded at $10 million per year for the next two years.

The bill, titled “Enhancing K–12 Cybersecurity Act,” was previously introduced during the 2021 Congress and never made it out of committee. Since then, cyber attacks targeting K–12 school districts have expanded ten-fold. Last year, ransomware attacks targeting K–12 schools worldwide grew at an “absolutely massive” rate of 827% over 2021, according to SonicWall’s 2023 Cyber Threat Report.

The reintroduced legislation — assigned bill number 1191 in the Senate and still awaiting assignment in the House early Thursday — will now go to the Homeland Security and Governmental Affairs committees in each chamber for consideration and debate. 

The bill calls for the following:

• K–12 Cybersecurity Information Exchange: The legislation directs the Cybersecurity and Infrastructure Security Agency Director to establish a Cybersecurity Information Exchange to disseminate information, best practices, and grant opportunities to improve cybersecurity.

• K–12 Cybersecurity Incident Registry: The legislation establishes a Cybersecurity Incident Registry within CISA to track incidents of cyberattacks on elementary and secondary schools. Information submitted to the Registry is strictly voluntary and will help improve data collection to coordinate activities related to the nationwide monitoring of the incidence and financial impact of cyberattacks.

• K–12 Cybersecurity Technology Improvement Program: The bill directs CISA to establish the K–12 Cybersecurity Technology Improvement Program to be administered through an information and analysis organization to deploy cybersecurity capabilities that will help address cybersecurity risks and threats to information systems of K–12 schools. This approach will capitalize on the existing services and expertise of organizations like MS-ISAC & others to ensure maximum impact of funds. The bill authorizes $10 million per year for FYs ‘24 & ‘25 to fund the Technology Improvement Program.

Find the full text of the Enhancing K–12 Cybersecurity Act at Matsui’s website.

A number of cybersecurity and ed tech organizations are supporting the proposed legislation, including National Association of Secondary School Principals, National Association of Elementary School Principals, Council of Chief State School Officers, National Association of State Chief Information Officers, State Educational Technology Directors Association, and Consortium for School Networking, according to a news release.

“From ransomware to data breaches, cyberattacks targeting our K–12 schools are growing increasingly sophisticated and common, necessitating a robust response to keep our students and teachers safe,” said Matsui, ranking member of the House Energy and Commerce Subcommittee on Communications and Technology. “Cybercriminals are rapidly evolving their strategies to cause chaos and disruption, yet a lack of resources for our schools is forcing them to do more with less. The Enhancing K–12 Cybersecurity Act would establish a crucial roadmap to prepare our K–12 cyber infrastructure for future attacks.”

“When I was working on the White House’s National Security Council, I witnessed firsthand how important it is to prioritize cybersecurity. With these crimes on the rise, it’s imperative that we provide our schools with the tools to keep students’ information secure,” said Nunn. 

“Cyberattacks continue to grow in size, frequency, and complexity in critical U.S. institutions, including in America’s schools,” said Blackburn. “We must ensure that our education sector is equipped to address these threats and keep students’ personal information private. This bipartisan and bicameral legislation will improve the cybersecurity tracking system for schools and provide them with necessary training resources and best practices for prevention.”

“As cyberattacks continue to expose private information and disrupt infrastructure across industries, including in education, with increased frequency, we must ensure that schools are in the best position possible to prevent and respond to attacks,” said Warner. “This legislation will put in place necessary procedures to protect our students’ data and keep sensitive information private.”

“Cyberattacks disrupt learning, waste taxpayers’ money, and threaten the sensitive personal data of students and teachers,” said CoSN CEO Keith Krueger. “CoSN strongly supports the Enhancing K–12 Cybersecurity Act and commends Reps. Matsui and Nunn and Sens. Blackburn and Warner for stepping forward to protect our schools. Congress should act quickly to help communities address this growing threat.”

Learn more at CoSN.org.