What should I do?
Complete a Free Cybersecurity Self-Assessment
Cybersecurity is a collective effort that starts with a commitment from district administration and requires buy-in from support staff and teachers. While complete protection is not realistic for any organization, developing a strong security posture can be achieved by understanding the nature of your risks and by implementing best practices to mitigate your exposure. In lieu of waiting for potential guidance from the outcome of The K-12 Cybersecurity Act of 2019, K-12 school districts are adopting one of the existing cybersecurity frameworks such as the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) or the Center for Internet Security Top 20 (CIS 20). A great starting point is to complete the K-12 Cybersecurity Self Assessment. It’s a free, quick, useful, private, and anonymous self-assessment – based on NIST CSF – for school district IT leaders created by school district IT leaders.
This is a 20-minute, 50-question assessment intended to help school districts identify and prioritize cybersecurity controls. This assessment is based on the NIST CSF, adapted for U.S. K-12 school districts and focused on practical, relevant examples. Completing the questionnaire will generate a printable-report with customized, detailed feedback. The report can be used to communicate priorities to district leadership, as well as to help provide a roadmap for school district IT leaders seeking to shore up their district’s cybersecurity controls.
A Work In Progress
The United States Government has taken notice of this severe threat to our nation’s schools. In December 2019, U.S. Senators Gary Peters (D-MI), Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, and Rick Scott (R-FL) introduced bipartisan legislation to implement stronger cybersecurity protections for K-12 educational institutions across the country. The K-12 Cybersecurity Act of 2019 would help educational institutions bolster their cybersecurity protections by instructing the Department of Homeland Security (DHS) to examine the risks and challenges that schools face in securing their systems. DHS would also be charged with creating a set of cybersecurity recommendations and other voluntary resources for schools to use when implementing their cybersecurity solutions.
The K-12 Cybersecurity Act of 2019 directs DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to work with other federal departments and private sector organizations to complete a study of cybersecurity risks specific to K-12 educational institutions, including risks related to sensitive student and employee records. Following the completion of that study, the bill directs CISA to develop cybersecurity recommendations and an online toolkit to help schools improve their cybersecurity systems. These voluntary tools would be made available on the DHS website with other DHS school safety information.
The government has provided districts with various grant programs that can fund K-12 cybersecurity.
What is the government doing to help?
How can your district fund CyberCare?
Use the TEACH Grant and your ESSER Funds for CyberCare!
On May 26, 2021, the US Department of Education released new guidance on how grant money from ESSER and GEER Funds can be used. These funds can now be used to improve cybersecurity in school districts.
Q: May ESSER and GEER funds be used to improve cybersecurity?
A: Yes. If a school, LEA, or state is improving cybersecurity to better meet educational and other needs of students related to preventing, preparing for, or responding to COVID-19, it may use ESSER or GEER funds. For example, if an LEA needs to increase its use of technology, such as for potential temporary shifts to hybrid learning if COVID-19 cases arise, expanded cybersecurity needs to facilitate that activity may also be addressed using ESSER or GEER funds.
Please review the guidance document for further details.
Eligible districts in Wisconsin can also apply for the TEACH Infrastructure Grant which can be used to fund 100% of the cost of TRA’s CyberCare! For more information about the TEACH program administered by the Wisconsin Department of Administration, Division of Enterprise Technology, please visit their website for eligibility requirements, application and more.
CyberCare – TRA’s Cybersecurity as a Service Offering
TRA’s CyberCare Framework is an adaptable set of services that will strengthen the school district’s security posture based on your defined objectives. Our team of security experts will assist with the creation, implementation, and management of your school district’s cybersecurity plan. TRA has purpose built our CyberCare Framework to facilitate the identification and implementation of applicable core controls of the NIST CSF, which is one of the most widely adopted cybersecurity frameworks in the United States.
TRA CyberCare subscribers will receive dedicated compliance coaching, bi-annual compliance reviews, and an annual Cybersecurity roadmap. In addition, TRA CyberCare includes a base set of services to eliminate the burden of researching & vetting required security services, to accelerate the implementation of these required security services, and to alleviate the ongoing management of these required security services. Contact us to learn more about TRA CyberCare!
In the event of a security breach, TRA’s incident response team is available to provide remediation on demand. Please note this investigation and remediation assistance will be billed by the hour, requires access to your network environment, and may include the deployment of the TRA Tool Stack to enable and expedite the assistance efforts of our team.
How can TRA help me?
How can I learn more?
K-12 Cybersecurity Resource Center Year In Review
The cyber terror network has correctly identified that a large percentage of school districts are vulnerable to cyber attacks and are unprepared to respond accordingly. The K-12 Cybersecurity Resource Center, www.k12cybersecure.com, is a great resource to stay informed about the nature, frequency, and location of K-12 cybersecurity-related incidents.
Technology Resource Advisors, Inc. has partnered with EdTech Strategies to enable the production of “The State of K-12 Cybersecurity: 2020 Year in Review. Please contact us below if you would like to receive your copy of this report.