U.S. Senators Gary Peters (D-MI), Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, and Rick Scott (R-FL) introduced bipartisan legislation to implement stronger cybersecurity protections for K-12 educational institutions across the country. Schools are responsible for securing a considerable amount of sensitive records related to their students and employees, including student grades, family records, medical histories, and employment information. The K-12 Cybersecurity Act of 2019 would help educational institutions bolster their cybersecurity protections by instructing the Department of Homeland Security (DHS) to examine the risks and challenges that schools face in securing their systems. DHS would also be charged with creating a set of cybersecurity recommendations and other voluntary resources for schools to use when implementing their cybersecurity solutions.
“Schools across the country are entrusted with safeguarding the personal data of their students and faculty, but lack many of resources and information needed to adequately defend themselves against sophisticated cyber-attacks,” said Senator Peters. “This commonsense, bipartisan legislation will help to ensure that schools in Michigan and across the country can protect themselves from hackers looking to take advantage of our nation’s cybersecurity vulnerabilities.”
“The safety of our schools is always my top priority, and that includes protecting the information of our students and teachers,” said Senator Scott. “I’m proud to sponsor the K-12 Cybersecurity Act of 2019 to further protect our schools, students and educators, and give them the resources they need to stay safe.”
In recent years, cyber-attacks on schools have become increasingly common, resulting in a state of emergency in Louisiana and numerous school closures in Arizona. In 2018, Johannesburg-Lewiston Area Schools in Michigan were targeted by a malicious ransomware attack that temporarily shut down the district’s systems.
The K-12 Cybersecurity Act of 2019 directs DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to work with other federal departments and private sector organizations to complete a study of cybersecurity risks specific to K-12 educational institutions, including risks related to sensitive student and employee records. Following the completion of that study, the bill directs CISA to develop cybersecurity recommendations and an online toolkit to help schools improve their cybersecurity systems. These voluntary tools would be made available on the DHS website with other DHS school safety information.
As Ranking Member of the Homeland Security and Governmental Affairs Committee, Peters has prioritized efforts to strengthen cybersecurity defenses. This summer, Peters introduced bipartisan legislation to improve access to cybersecurity resources and training for small business owners. Earlier this year, the Senate unanimously approved Peters’ bills to develop and retain highly-skilled cybersecurity professionals in the federal workforce and strengthen cybersecurity coordination with state and local governments.
Below are statements in support of the Senators’ legislation:
"We applaud Senator Peters and Senator Scott for introducing the K-12 Cybersecurity Act of 2019, which will help prevent hundreds of cyber-attacks on our schools each year," said Marc Egan, Director of Government Relations, National Education Association. "An assessment of risks and specific, tangible guidelines on how best to protect our school networks from being taken hostage will help our educators prevent such interruptions to teaching and learning and protect sensitive student data."
“As schools look toward 21st century technology for teaching, learning, and everyday operations, exposure to cyber-attacks have proven to be a real security threat to actual people that learn and teach inside the school walls,” said Randi Weingarten, President of the American Federation of Teachers. “While technology can be a powerful classroom tool to enhance and supplement, not supplant, student learning and the work of educators, strict, enforceable privacy safeguards are so important to make sure our schools remain safe from cyber threats like data breaches, ransomware, and email scams. The K-12 Cybersecurity Act of 2019 will allow DHS to study the depth and scope of these risks to help safeguard our schools so educators and students can use technology with limited risk for years to come.”
“Technology can unlock the deep potential of each student, but bad actors still threaten to circumvent the protections schools have in place,” said JoAnn Bartoletti, Executive Director of the National Association of Secondary School Principals. “NASSP is pleased to see Senators Peters and Scott take a strong first step in urging Congress to lend K-12 schools the cybersecurity assistance they need to ensure the safety of sensitive student data and information.”
“Improved federal, state and local government collaboration is needed to stop the recent flood of cyberattacks on schools,” said Keith Krueger, CEO of the Consortium for School Networking (CoSN). “CoSN welcomes Senators Peters’ and Senator Scott’s decision to introduce the K-12 Cybersecurity Act. This legislation recognizes that the United States desperately needs a comprehensive assessment of the network security challenges school districts face, coupled with a commitment to provide the additional tools and technical assistance required to better protect students' confidential data."
“We are very grateful to Senator Peters for recognizing the importance of cybersecurity in a school setting,” said Dr. Jay Kulbertis, Superintendent of Gladstone Area Schools. “We look forward to the work of the Department of Homeland Security in developing resources for schools to use to address cybersecurity issues and mitigate the risks by preventing, detecting, and responding to cyber-attacks.”
“Effective cybersecurity includes not only resilient systems and security professionals who can build these systems, but also processes and education for people who use these systems day-in-and-day-out,” said Professor Yu Cai, of the College of Computing At Michigan Technological University. “At Michigan Tech, we recognize that building robust cyber-resilience demands a holistic research and education approach, and we start early. Michigan Tech is committed to research and education to produce cyber-awareness in computing users and the next wave of cybersecurity professionals.”
"MACUL strongly supports the K-12 Cybersecurity Act of 2019 and welcomes Senator Peters' leadership on this important issue,” said Mark Smith, Executive Director of the Michigan Association for Computer Users in Learning (MACUL). "Greater steps must be taken quickly to help protect school's computer networks and sensitive student data from external threats which are increasingly targeting vulnerable school districts. This legislation will help districts take an important step toward much stronger protections for students' confidential information."
“Traditionally, K-12 schools are not equipped to identify network security breaches and are not fully aware of how to best respond,” said Jennifer Tisdale, Associate Principal of GRIMM Cybersecurity. “The proposed legislation would evaluate and increasing the cyber resiliency of K-12 schools. Mitigating the risk of identity theft of our citizen’s is a serious matter and critical to the safety and security of the individuals, as well as the security of our nation.”
“In recent years, we have seen a dramatic increase in the number of ransomware attacks on schools around the country, which puts our students’ private, personal information at risk,” said Jason Mellema, Superintendent of Ingham Intermediate School District. “We applaud Senator Peters’ efforts to help ensure Ingham Intermediate School Districts and schools across Michigan understand these threats and are able to take steps to improve cybersecurity defenses for our schools.”