K-12 Digital Infrastructure Brief: Defensible & Resilient

Summary

The federal government has released a 25-page guide aimed at K-12 school districts. The purpose of this guide is to help schools become more defensible and resilient as districts come under increasingly more sophisticated cyber-attacks.  

This guide is divided into 5 sections:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

Background

K-12 school districts nationwide are experiencing a sharp increase in cyberattacks with numerous districts being impacted, resulting in schools having to cancel classes or close completely. These attacks have disrupted operations and impacted students, families, teachers, and administrators. Sensitive personal information including student grades, medical records, documented home issues, behavioral information, and financial information of students and employees has been stolen and publicly disclosed. Sensitive information about school security systems has also been leaked online. According to a 2022 U.S. GAO report, the loss of learning following a cyberattack ranged from three days to three weeks, and recovery time took anywhere from two to nine months. The monetary losses to districts following a cyber incident ranged from $50,000 to $1 million. 

Federal Government Actions & Response Highlights

  • The FCC is proposing to provide up to $200 million over three years to strengthen cyber defenses in K-12 schools.
  • The U.S. Department of Education and the Cybersecurity and Infrastructure Security Agency (CISA) jointly released “K-12 Digital Infrastructure Brief: Defensible & Resilient” to assist educational leaders in building and sustaining a core digital infrastructure for learning.  
  • The U.S. Department of Education is establishing a Government Coordinating Council (GCC) to coordinate activities, policies, and communications between, and amongst, federal, state, local, tribal, and territorial education leaders to strengthen the cyber defenses and resilience of K-12 schools. This is the first step in the Department’s strategy to protect schools and districts from cybersecurity threats. 
  • The FBI and the National Guard Bureau are releasing updated resource guides to ensure state government and education officials know how to report cybersecurity incidents and can leverage the federal government’s cyber defense capabilities.

PART 2 OF THIS SERIES TITLED “K-12 DIGITAL INFRASTRUCTURE BRIEF: DEFENSIBLE & RESILIENT” can be found here.

PART 3 OF THIS SERIES “K-12 DIGITAL INFRASTRUCTURE BRIEF: PRIVACY ENHANCING, INTEROPERABLE, AND USEFUL” can be found here.