K-12 district schools have been a soft target for cybercriminals in the year gone by. To address the rising threat prospective, two U.S. Senators, Gary Peters (D-Mich.) and Rick Scott (R-Fla.), both members of the Senate’s National Security and Government Affairs Committee have tabled a new bill called the “K-12 Cybersecurity Act”.
As per a report shared on the K-12 Cybersecurity Resource Center, 119 cybersecurity incidents were recorded in U.S. K-12 schools. The findings also suggest that ransomware attacks have been a hot favorite. Another independent study from Kaspersky indicates that ransomware attacks targeted towards K-12 schools have risen by 23 percent.
Emsisoft, an anti-malware and anti-virus service provider has shared interesting facts in a recent survey. A key highlight of the report states that there were at least 86 universities, colleges and school districts impacted, which in turn disrupted operations of around 1,224 individual schools. The report also shared a list of top three incidences of public schools being affected by ransomware attacks:
- Louisiana public schools: In July, Louisiana Governor declared a state of emergency after three public school districts fell victim to ransomware. A State of Emergency was re-invoked in November when another ransomware attack affected 10 percent of Louisiana’s 5,000 network servers and more than 1,500 computers.
- Rockville Centre School District: On July 25, Ryuk ransomware hit Rockville Centre School District. The district’s insurance carrier negotiated the ransom demand of US$176,000 down to US$88,000 which was covered by them.
- Las Cruces Public Schools: In late October, a ransomware attack infected thousands of servers and devices in Las Cruces Public Schools, in New Mexico. The district disagreed to pay the ransom and instead ended up reformatting close to 30,000 devices. Las Cruces Public Schools has been attacked three times in the past six years.
The effects of such attacks on educational institutions regards loss of personal information, including student grades and qualifications, teacher employment and payroll information, family records and medical health records.
The K-12 Cybersecurity Act has been introduced to address these risks. This Act directs the DHS Cybersecurity and Infrastructure Security Agency (CISA) to first study the specific cybersecurity risks associated with K-12 educational institutions. Once the study is done, CISA will then be responsible to develop cybersecurity recommendations and set up online tools to help schools with their cybersecurity requirements.
“Schools across the country are entrusted with safeguarding the personal data of their students and faculty but lack many of the resources and information needed to adequately defend themselves against sophisticated cyber-attacks,” said Senator Peters. “This commonsense, bipartisan legislation will help to ensure that schools in Michigan and across the country can protect themselves from hackers looking to take advantage of our nation’s cybersecurity vulnerabilities.”
“The safety of our schools is always my top priority, and that includes protecting the information of our students and teachers,” said Senator Scott. “I’m proud to sponsor the K-12 Cybersecurity Act of 2019 to further protect our schools, students and educators, and give them the resources they need to stay safe.”
Marc Egan, Director of Government Relations, National Education Association lauded the efforts put in by the two senators. He said, “We applaud Senator Peters and Senator Scott for introducing the K-12 Cybersecurity Act of 2019, which will help prevent hundreds of cyber-attacks on our schools each year. An assessment of risks and specific, tangible guidelines on how best to protect our school networks from being taken hostage will help our educators prevent such interruptions to teaching and learning and protect sensitive student data.”
