Oct 22 2021

The K–12 Cybersecurity Act Becomes Law

The president signed the bipartisan act on Oct. 8, initiating the Cybersecurity and Infrastructure Security Agency’s review of threats against K–12 institutions.

Earlier this month, President Joe Biden signed the K–12 Cybersecurity Act. This puts into motion the research the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency will conduct on the impact of cyberattacks, such as ransomware, on K–12 institutions.

The bipartisan act, sponsored by Sen. Gary Peters, D-Mich., chair of the Homeland Security and Governmental Affairs Committee, and Sen. Rick Scott, R-Fla., calls for CISA to undertake a 120-day review of these threats and evaluate how districts can bolster their cybersecurity to better protect student and staff data in their systems.

“The passage of the K-12 Cybersecurity Act of 2021 underscores the magnitude of these challenges and the importance of marshaling federal resources to address them,” Doug Levin, EdTech IT influencer and national director of the K12 Security Information Exchange told THE Journal. “While we expect benefits from its passage, our hope is that this is only the first step in a longer legislative process to address the systemic issues that make cybersecurity risk management a particular challenge for school districts.”

CISA is also required to follow up this investigation with recommendations and resources for schools based on its findings. The agency will have 60 days to create its guidelines following the review’s conclusion, and it will have an additional 120 days to “create an online toolkit school districts can use to implement those strategies and recommendations,” according to StateScoop.

K–12 districts protect a great quantity of valuable data, including grades and academic records, medical files, Social Security numbers and family information. The act became law just months after the nonprofit Center for Internet Security’s announcement that cybersecurity incidents in K–12 could jump 86 percent this academic year.

As a bill, the K–12 Cybersecurity Act had the support of numerous K–12 organizations, including endorsements from the Consortium for School Networking, the School Superintendents Association, the National Association of Secondary School Principals and the American Federation of Teachers.

PEOPLEIMAGES/GETTY IMAGES