Jun 28 2023

ISTELive 23: The Internal and External Partnerships K–12 Schools Need for Cybersecurity

District IT leaders may still have questions about security and funding, but they aren’t alone in their journey to a safer digital learning experience.

Trying to secure K–12 networks can seem intimidating for IT professionals, especially with cyberattacks repeatedly making the news. The difficulty lies at the crossroads of multiple challenges: A quick shift to technology during the pandemic, a lack of budget and a high number of users are just a few.

While there’s no quick fix for the cybersecurity qualms K–12 IT leaders are having, speakers at ISTELive 23 urged districts to lean into existing partnerships. Conference attendees flocked to these speakers’ sessions, bringing questions and concerns about securing their own districts.

The concerns largely centered on funding, with an audience member anonymously asking for low-cost or free resources in the Tuesday session, “Don’t Go Alone: The Power of Partnerships for Cybersecurity Success.”

The session featured a panel of cybersecurity experts — including CoSN CEO Keith Krueger; Doug Levin, director of the K12 Security Information eXchange; and Bonnie Chelette, the Louisiana State Department of Education’s director of educational technology — who recommended educating staff about the risks associated with cyberattacks.

Krueger also mentioned tabletop exercises, the cybersecurity resources available on CoSN’s site, and patching systems to ensure they are up to date. An audience member added that schools can also use the National Institute of Standards and Technology framework to get started.

Click the banner below to keep up with ed tech innovations when you sign up as an Insider.

Districts Value External Partnerships for K–12 Cybersecurity

External partnerships can help K–12 schools jump-start and support their cybersecurity initiatives. Tuesday’s panelists discussed the current demands of cyber insurance applications — “It went from being a rider on your general policy to exclusive policies with increasingly long and difficult questionnaires,” Levin said — and the resources schools need to meet the requirements.

Panelists agreed that working with a reliable virtual CISO can greatly help schools manage their cybersecurity. “It’s unrealistic that you’re going to get a full-time, highly qualified CISO in every school district across the country,” Levin said. “There have been districts that have dedicated cybersecurity teams … who have experienced compromises over the holidays because they don’t have that covered.”

Districts are already seeing the benefits of working with a cybersecurity expert outside of their institution. “We opted for a vCISO. She meets with us monthly,” said Kristen Landis, technology director at North Penn School District, in the session “Creating and Implementing a Cybersecurity Program for K-12” on Monday.

“Some of our meetings include things like creating a roadmap,” said Landis’s co-presenter, Tony Bickert, assistant director of technology at North Penn School District. “We would say, ‘We’d like to implement MFA,’ and she would work with us to create a timeline for that.”

Doug Levin
It’s unrealistic that you’re going to get a full-time, highly qualified CISO in every school district across the country.”

Doug Levin Director, K12 Information Security eXchange

Schools Turn to Several Internal Partners for Cybersecurity Assistance

In addition to external partnerships, K–12 IT leaders can also look for guidance and support from within their own districts.

North Penn School District has relied on leadership to make sweeping cybersecurity changes in its district, such as implementing MFA.

“We have an ed tech team of union leadership … that will meet with us monthly or whenever there is something we need to discuss that needs to go out to the membership that we need their support on,” Landis explained. “We began talking about MFA in 2021-22. We actually didn’t implement it until the start of this past school year, so it was pretty much a yearlong conversation.”

The district’s tech team used the union leadership representatives to garner support for MFA, and it generated further acceptance of the new technology by introducing it to district administrators over the summer. 

Other districts supported cybersecurity by forming their own committees. District leaders of Alabama’s Jefferson County Schools presented a session on Tuesday called “Curating Digital Resources: Our Journey Toward Strategically Supporting Instruction and Data Privacy,” in which they shared how they formed a digital resource committee to evaluate the privacy of technologies used in the district and also look at equity.

“The committee was really important to me because, in curriculum, we wanted to make sure that instruction was equitable across the district,” said Leslie Richards, Jefferson County Schools’ secondary director of curriculum, instruction and student support. “We knew that we had to be intentional and strategic about the choice of our resources to ensure that equity occurred in instruction.”

From a security standpoint, the committee evaluates requests from school staff to use new resources, such as applications for teaching and learning. Because the committee includes members of the technology, curriculum and federal programs teams as well as executive district leadership, it doesn’t require a dedicated security expert to make these evaluations. Instead, the school system uses its internal experts to evaluate privacy questions and learning standards through multiple lenses.

RELATED: Schools are taking steps to protect themselves from third-party risk.

Other schools, such as Ohio’s Lakota Local Schools, rely on a different internal resource to bolster cybersecurity: their students.

In the panel discussion Tuesday, Krueger mentioned Lakota’s Cyber Academy, which trains high school students in cybersecurity, allowing them to earn certifications and even secure jobs directly out of high school. On this track, if a student chooses to pursue higher education, he or she can earn college credits while working in the field.

An audience member mentioned that his district has a similar program. Luis Hernandez, CIO for Vista Charter Public Schools in Santa Ana, Calif., shared how his school also trains students to champion cybersecurity. “Our students are starting their cybersecurity exposure next year in elementary but currently in middle school.”

Hernandez mentioned that, for high school students, the school has a dual enrollment program with a local community college. “They have a really good cybersecurity program, with a high transfer rate to four-year colleges and a high certification rate.”

Regardless of where K–12 schools are in their cybersecurity journeys, IT professionals shouldn’t feel as though they’re traveling alone. There are partners who can help schools get started or maintain their security posture to keep students and their data safe.

greenbutterfly/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT