WASHINGTON, D.C. – U.S. Senators Marsha Blackburn (R-Tenn.) and Mark Warner (D-Va.), along with Representatives Doris Matsui (D-Calif.) and Representative Zach Nunn (R-Iowa), reintroduced the Enhancing K-12 Cybersecurity Act. This legislation will strengthen cybersecurity at America’s K-12 schools by promoting access to information, better tracking of cyberattacks nationally, and providing new cybersecurity resources.

“Cyberattacks continue to grow in size, frequency, and complexity in critical U.S. institutions, including in America’s schools,” said Senator Blackburn. “We must ensure that our education sector is equipped to address these threats and keep students’ personal information private. This bipartisan and bicameral legislation will improve the cybersecurity tracking system for schools and provide them with necessary training resources and best practices for prevention.”

“As cyberattacks continue to expose private information and disrupt infrastructure across industries, including in education, with increased frequency, we must ensure that schools are in the best position possible to prevent and respond to attacks,” said Senator Warner. “This legislation will put in place necessary procedures to protect our students’ data and keep sensitive information private.”

“From ransomware to data breaches, cyberattacks targeting our K-12 schools are growing increasingly sophisticated and common, necessitating a robust response to keep our students and teachers safe,” said Congresswoman Matsui. “Cybercriminals are rapidly evolving their strategies to cause chaos and disruption, yet a lack of resources for our schools is forcing them to do more with less. The Enhancing K-12 Cybersecurity Act would establish a crucial roadmap to prepare our K-12 cyberinfrastructure for future attacks.”

“When I was working on the White House’s National Security Council, I witnessed firsthand how important it is to prioritize cybersecurity.  With these crimes on the rise, it’s imperative that we provide our schools with the tools to keep students’ information secure,” said Representative Nunn. “In the wake of the ransomware incident in January, I’m proud to work across the aisle to ensure our schools have the resources and training they need to protect students.”

“Cyberattacks disrupt learning, waste taxpayers' money, and threaten the sensitive personal data of students and teachers,” said Keith Krueger, CEO of the Consortium for School Networking (CoSN). “CoSN strongly supports the Enhancing K-12 Cybersecurity Act and commends Reps. Matsui and Nunn and Senators Blackburn and Warner for stepping forward to protect our schools. Congress should act quickly to help communities address this growing threat.”

This bill makes important K-12 cybersecurity improvements:

• Directs the Cybersecurity and Infrastructure Security Agency (CISA) Director to establish a Cybersecurity Information Exchange to disseminate information, best practices, and grant opportunities to improve cybersecurity.
• Establishes a Cybersecurity Incident Registry within CISA to track incidents of cyberattacks on elementary and secondary schools. Information submitted to the Registry is strictly voluntary and will help improve data collection to coordinate activities related to the nationwide monitoring of the incidence and financial impact of cyberattacks.
• Directs CISA to establish the K-12 Cybersecurity Technology Improvement Program to be administered through an information and analysis organization to deploy cybersecurity capabilities that will help address cybersecurity risks and threats to information systems of K-12 schools. This approach will capitalize on the existing services and expertise of organizations like MS-ISAC & others to ensure maximum impact of funds. The bill authorizes $10 million per year for FYs ‘24 & ‘25 to fund the Technology Improvement Program.

BACKGROUND:

Cyberattacks targeting schools are increasing in frequency and severity. These attacks have threatened students’ privacy and caused harmful classroom disruptions. According to the K-12 Cybersecurity Resource Center, from 2016-2021 there were over 1,300 publicly disclosed cyber incidents involving education organizations across all 50 states. These cyber incidents included ransomware, data breaches, and denial-of service attacks, among others. 

Last September, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency, and the MultiState Information Sharing and Analysis Center (MS-ISAC) released a Cybersecurity Advisory outlining the significant cyber threat facing K-12 institutions, noting certain cybercriminals are “disproportionately targeting the education sector with ransomware attacks,” and that they anticipated increases in such attacks. As schools continue to expand the use of digital platforms to engage students, the Enhancing K-12 Cybersecurity Act provides additional resources to address cyber threats and protect personal information.

Endorsing Organizations:

• National Association of Secondary School Principals (NASSP)
• National Association of Elementary School Principals (NAESP)
• Council of Chief State School Officers (CCSSO)
• National Association of State Chief Information Officers (NASCIO)
• State Educational Technology Directors Association (SETDA)
• Consortium for School Networking (CoSN)

Full text of the Enhancing K-12 Cybersecurity Act can be found here.