The Cybersecurity and Infrastructure Security Agency (CISA) has released a new report and toolkit for K-12 institutions to help them better protect against cybersecurity threats.
CISA’s new report – Partnering to Safeguard K-12 Organizations from Cybersecurity Threats – provides recommendations and resources to help K-12 schools and school districts address systemic cybersecurity risk. The agency added that it also “provides insight into the current threat landscape specific to the K-12 community and offers simple steps school leaders can take to strengthen their cybersecurity efforts.”
“We must ensure that our K-12 schools are better prepared to confront a complex threat environment,” CISA Director Jen Easterly said in a press release. “As K-12 institutions employ technology to make education more accessible and effective, malicious cyber actors are hard at work trying to exploit vulnerabilities in these systems, threatening our nation’s ability to educate our children. Today’s report serves as an initial step towards a stronger and more secure cyber future for our nation’s schools, with a focus on simple, prioritized actions schools can take to measurably reduce cyber risk.”
Specifically, the report’s findings highlight the importance of resources, simplicity, and prioritization to effectively reduce cybersecurity risk.
To address these issues, CISA offered up three broad recommendations, as well as specific steps to help K-12 leaders build, operate, and maintain resilient cybersecurity programs.
First, K-12 schools need to invest in the most impactful security measures and build toward a mature cybersecurity plan by taking these three steps:
- Implement highest priority security controls;
- Prioritize further near-term investments in alignment with the full list of CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs); and
- Over the long-term, develop a unique cybersecurity plan that leverages the NIST Cybersecurity Framework (CSF).
Schools also need to recognize and actively address resource constraints by:
- Working with the state planning committee to leverage the State and Local Cybersecurity Grant Program (SLCGP);
- Utilizing free or low-cost services to make near-term improvements in resource-constrained environments;
- Expecting and calling for technology providers to enable strong security controls by default for no additional charge; and
- Minimizing the burden of security by migrating IT services to more secure cloud versions.
Finally, CISA says schools need to focus on collaboration and information sharing by:
- Joining relevant collaboration groups, such as MS-ISAC and K12 SIX;
- Working with other information-sharing organizations, such as fusion centers, state school safety centers, other state and regional agencies, and associations; and
- Building a strong and enduring relationship with CISA and FBI regional cybersecurity personnel.
According to CISA, the new report serves as an initial step towards a “stronger and more secure cyber future” for K-12 schools. CISA is continuing to work with Federal partners, including the Department of Education, as well as other stakeholder to identify opportunities for cybersecurity progress and provide meaningful support that measurably reduces cyber risk.
CISA’s new online toolkit aligns resources and materials to each of CISA’s three recommendations and provides specific and detailed steps on how stakeholders can implement each recommendation based on their current needs.