Rebecca Koenig Interim Senior Editorial Director | EdSurge Research
Amid increasing reports of cyberattacks on educational institutions, recent federal budget cuts threaten the security frameworks vital to protecting student data. A concerning incident at the Beaverton School District in Oregon highlighted the vulnerabilities, where a help desk intercepted a scam call attempting to bypass their multi-factor authentication system. Stephen Langford, Beaverton’s Chief Information Officer, noted the increasing sophistication of cyber threats and expressed concerns over potential exploits using AI.
The incidences of cyberattacks on schools have escalated nationwide, with data indicating that 82% of K-12 schools experienced a cybersecurity incident last year. According to Doug Levin, national director of K12 Security Information Exchange, attackers often demand ransom after breaching and locking school computer systems. Additionally, confidential information is threatened with exposure or sale on the dark web, if these demands aren't met. Even vendors working with schools have become targets, posing a broader risk to educational data systems.
"Schools aren’t prepared for the absence of federal support," remarks Levin, pointing to the dissolution of key advisory groups such as the CISA K-12 cybersecurity advisory committee and the apparent inactivity of the Education Department's K-12 Cybersecurity Government Coordinating Council. These federal bodies were crucial in helping schools strategize against technological threats. Under the previous administration, these resources have dwindled, leaving schools without valuable insights into emerging cyber threats.
Several states have taken incursions seriously and promoted cybersecurity awareness within schools. Nonetheless, many districts lack the resources to fully leverage existing prevention measures, often depending on third-party support for cybersecurity needs.
Jim Corns, Executive Director of Information Technology for Baltimore Public Schools, compares the current situation to pre-2020, when the educational sector's technological response to cyberattacks was less coordinated. However, despite better local coordination through federal bodies like the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), the federal workforce has experienced cuts, leaving schools like Beaverton vulnerable without federal supervision.
Post-2020 adjustments like shifting data storage onto vendors have mitigated direct risks. Yet, incidents like the recent PowerSchool breach reveal ongoing vulnerabilities. As Keith Krueger, CEO of the nonprofit Consortium for School Networking, warns, "These federal cuts are short-sighted and will be harmful to students, educators, and families immediately," highlighting the disproportionate effect on districts lacking local resources.
With the federal outlook uncertain, districts are left grappling with their cybersecurity measures. Though Langford praised the benefits of federal resources, diminished access to critical information like webinars leaves Beaverton’s cybersecurity team to fend for itself. Weekly cyber vulnerability scans and malicious IP address flagging are crucial, but their future availability remains unclear. This uncertainty, as Langford states, has left districts "living in the unknown right now."
Alerts Sign-up