K-12 Cybersecurity Act: Federal government seeks to improve security for U.S. educational institutions – Tech

United States: K-12 Cybersecurity Act: Federal government seeks to improve the security of American educational institutions


On October 8, 2021, President Biden signed the bipartisan K-12 Cybersecurity Act of 2021 (the “Act”) in response to K-12 educational institutions facing cyber attacks across the United States. Types of cyber incidents targeting K-12 information systems include denial of service, phishing, ransomware and malware, and other unauthorized disclosures of personal information.

While the law itself does not detail specific requirements for K-12 educational institutions, it seeks to address the growing risk of cybersecurity incidents by authorizing the Director of the Cybersecurity and Infrastructure Security Agency (CISA) to conduct a study on the specific cybersecurity risks currently facing K-12 educational institutions. The Director has 120 days from the enactment of the law to complete the study. The Director will then have an additional 60 days to issue recommendations, including cybersecurity guidelines, to help K-12 educational institutions respond to the cybersecurity threats outlined in the Director's study. Along with the cybersecurity recommendations, CISA will develop an online training toolkit to educate school officials about the recommendations and to facilitate their implementation by providing strategies for managers to take such action.

A major aspect of the law is that K-12 educational institutions are not required to follow the guidelines set out by the Director; rather, the guidelines are only recommendations that K-12 educational institutions are encouraged to implement or use. While the guidelines may be adopted by K-12 educational institutions on a voluntary basis, K-12 educational institutions should not take them lightly. According to the K-12 Cybersecurity Resource Center, approximately 1,100 cybersecurity incidents have been publicly reported by K-12 educational institutions since 2016. In 2020, over 400 cybersecurity incidents were publicly reported by K-12 educational institutions, an increase of 18% from 2019. Additionally, cybersecurity incidents or breaches can often be time-consuming and costly. The final phase of the law will hopefully mitigate potential risks by implementing programs and protocols to attempt to thwart an incident or violation, as well as providing training on the appropriate protocols to use when an incident or violation occurs, thereby engaging in proactive cost management.

With the signing of the law by President Biden and the increased focus on cybersecurity by state lawmakers (v. Information security programs, including training and educating staff and students on current cybersecurity risks, updating incident response plans and implementing the administrative, technical and physical protection measures necessary for their information systems, in addition to prioritizing endpoint security on goods such as laptops, tablets and other e-learning systems, especially given the changing online social climate in light of the COVID-19 pandemic.

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.

