Days before this legislative session ends, Gov. Gavin Newsom signed a bill that will require K-12 school districts to report cyberattacks that impact over 500 students.
The California Cybersecurity Integration Center must then create a database that will track the number of reported cyberattacks on schools. Annually, by Jan. 1, the center must provide a record to the governor entailing specified information about the data breaches of local educational agencies.
Newsom has signed this bill only a few weeks after one of the nation’s largest K-12 systems – Los Angeles Unified School District – suffered from a ransomware attack that shut down their systems and required every student, teacher, and staff member to change their password. As the school district continues to recover from the attack, Superintendent Albert Carvalho said there’s no evidence that students’ confidential information has been breached.
Democratic Assemblymember Rudy Salas introduced the new, education-specific bill and cited evidence that The Golden State’s school districts have experienced more than 25 cyberattacks since 2016.
The Cybersecurity and Infrastructure Security Agency recently released an advisory, warning K-12 schools that they may be at increased risk of attacks due to vulnerabilities in their systems towards to beginning of the school year – especially post-pandemic.
California will join several other states in requiring cyber incident reporting, including the Biden-Harris Administrations’ K-12 Cybersecurity Act of 2021.
The California school cybersecurity bill will sunset in 2027.