White House Holds First-Ever Summit to Address Ransomware Attacks Against K-12 Schools

Published: August 17, 2023

Administration leaders, school administrators, educators, and education technology providers convened at the White House last Tuesday to discuss how to address the deluge of ransomware attacks plaguing K-12 schools.

At least 48 school districts have been hit by ransomware attacks this year — already three more than in all of 2022, according to research from cybersecurity firm Emsisoft. All but 10 had data stolen. For instance, in June, the Department of Education (DOE) announced the sensitive data of about 45,000 New York City public school students, as well as New York City DOE staff and related service providers, were compromised in the worldwide MOVEit file transfer software hack. The types of data impacted include approximately 9,000 Social Security Numbers, birth dates, and employee ID numbers.

An Oct. 2022 report from the U.S. Government Accountability Office found more than 1.2 million students were affected by cyber incidents in 2020 with lost learning ranging from three days to three weeks. The monetary losses to school districts following a cyber incident ranged from $50,000 to $1 million. By the end of 2021, nearly one in three U.S. districts had experienced a breach, according to a survey by the Center for Internet Security.

“Do not underestimate the ruthlessness of those who would do us harm,” Homeland Security Secretary Alejandro Mayorkas said during the summit, referencing the increase in abrasive tactics being used to get organizations to pay ransoms, including the leaking of reports on student suicide attempts.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

In March, ransomware group Medusa released stolen data stolen from Minneapolis Public Schools after it refused to pay a $1 million ransom. The group leaked data that outlined campus rape cases, child abuse inquiries, student mental health crises, and suspension reports. It also exposed campus security technology details and blueprints of district school buildings.

“If we want to safeguard our children’s futures we must protect their personal data,” first lady Jill Biden said during the meeting. “Every student deserves the opportunity to see a school counselor when they’re struggling and not worry that these conversations will be shared with the world.”

Mayorkas urged school leaders to tap into free federal resources from the Cybersecurity & Infrastructure Security Agency (CISA), including K-12 Digital Infrastructure Brief: Defensible & Resilient, to prevent and respond to ransomware attacks. However, education tech experts told the Biden administration that limited federal funds exist for them to tackle the influx of attacks against school districts that have limited budgets.

Biden Administration Outlines New Efforts to Strengthen K-12 Schools’ Cybersecurity

The White House also recently announced initiatives to address the growing problem, including grants and other support from technology providers, AP reports. Federal Communications Commission Chair Jessica Rosenworcel proposed a pilot program that would make $200 million available over three years to strengthen cyber defense in schools and libraries in tandem with other federal agencies with cybersecurity expertise.

“That’s a drop in the bucket,” said Keith Krueger, CEO of the nonprofit Consortium for School Networking, adding that several hundreds of millions should be made available annually.

The Education Department will also establish a Government Coordinating Council (GCC) that will coordinate activities, policies, and communications between federal, state, local, tribal, and territorial education leaders to strengthen cyber defenses and resilience.

“By facilitating formal, ongoing collaboration between all levels of government and the education sector, the GCC will be a key first step in the Department’s strategy to protect schools and districts from cybersecurity threats and for supporting districts in preparing for, responding to, and recovering from cybersecurity attacks,” said the White House.

CISA is also committing to providing tailored assessments, facilitating exercises, and delivering cybersecurity training for 300 new K-12 entities over the school year. The White House says CISA plans to conduct 12 K-12 cyber exercises this year and is currently soliciting exercise requests from government and critical infrastructure partners, including the K-12 community.

Lastly, the Federal Bureau of Investigations (FBI) and the National Guard Bureau will release updated resource guides to ensure state government and education officials know how to report cybersecurity incidents and can use the federal government’s cyber defense capabilities.

Several education technology providers are also committing to providing free and low-cost resources to school districts, including:

  • Amazon Web Services (AWS) is committing $20 million for a K-12 cyber grant program available to all school districts and state departments of education, free security training offerings tailored to K-12 IT staff, and no-cost cyber incident response assistance through its Customer Incident Response Team.
  • Cloudflare, through its Project Cybersafe Schools, will offer a suite of free Zero Trust cybersecurity solutions to public school districts under 2,500 students.
  • PowerSchool, a provider of cloud-based K-12 software, will provide new free and subsidized “security as a service” courses, training, tools, and resources to all schools and districts.
  • Google released its updated “K-12 Cybersecurity Guidebook” which discusses the most effective steps education systems can take to ensure the security of their Google hardware and software applications.
  • D2L, a learning platform company, is committing to providing access to new cybersecurity courses in collaboration with trusted third parties, extending its information security review for the core D2L integration partners, and pursuing additional third-party validation of D2L compliance with security standards.

For a full breakdown of the Biden Administration’s commitments, click here.

Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series