#Privacy: New act mandates review of schools’ cybersecurity

U.S. Senators Gary Peters, Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, and Rick Scott, have introduced bipartisan legislation to implement stronger cybersecurity protections for K-12 educational institutions across the US.

The K-12 Cybersecurity Act of 2019 would help educational institutions bolster their cybersecurity protections by instructing the Department of Homeland Security (DHS) to examine the risks and challenges that schools face in securing their systems.

DHS would also be charged with creating a set of cybersecurity recommendations and other voluntary resources for schools to use when implementing their cybersecurity solutions.

In recent years, cyber-attacks on schools have become increasingly common, resulting in a state of emergency in Louisiana and numerous school closures in Arizona. In 2018, Johannesburg-Lewiston Area Schools in Michigan were targeted by a malicious ransomware attack that temporarily shut down the district’s systems, says a news release.

The K-12 Cybersecurity Act of 2019 directs DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to work with other federal departments and private sector organizations to complete a study of cybersecurity risks specific to K-12 educational institutions, including risks related to sensitive student and employee records.

Following the completion of that study, the bill directs CISA to develop cybersecurity recommendations and an online toolkit to help schools improve their cybersecurity systems. These voluntary tools would be made available on the DHS website with other DHS school safety information.

“Schools across the country are entrusted with safeguarding the personal data of their students and faculty, but lack many of resources and information needed to adequately defend themselves against sophisticated cyber-attacks,” said Senator Peters.

“This commonsense, bipartisan legislation will help to ensure that schools in Michigan and across the country can protect themselves from hackers looking to take advantage of our nation’s cybersecurity vulnerabilities.”

Recently, a report by Armor revealed that 11 new U.S. school districts (comprising 226 schools) have been compromised by ransomware since late October 2019.

Since January 2019 to date, Armor has identified a total of 72 school districts and/or individual educational institutions that have publicly reported being a victim of  ransomware. These attacks have potentially impacted 1,039 schools nationwide.


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/