“The passage of the K-12 Cybersecurity Act of 2021 underscores the magnitude of these challenges and the importance of marshaling federal resources to address them,” Doug Levin, EdTech IT influencer and national director of the K12 Security Information Exchange told THE Journal. “While we expect benefits from its passage, our hope is that this is only the first step in a longer legislative process to address the systemic issues that make cybersecurity risk management a particular challenge for school districts.”
CISA is also required to follow up this investigation with recommendations and resources for schools based on its findings. The agency will have 60 days to create its guidelines following the review’s conclusion, and it will have an additional 120 days to “create an online toolkit school districts can use to implement those strategies and recommendations,” according to StateScoop.
K–12 districts protect a great quantity of valuable data, including grades and academic records, medical files, Social Security numbers and family information. The act became law just months after the nonprofit Center for Internet Security’s announcement that cybersecurity incidents in K–12 could jump 86 percent this academic year.
As a bill, the K–12 Cybersecurity Act had the support of numerous K–12 organizations, including endorsements from the Consortium for School Networking, the School Superintendents Association, the National Association of Secondary School Principals and the American Federation of Teachers.