Federal agencies should improve on coordinating school cybersecurity

Federal agencies should do a better job of coordinating the growing issue of school cybersecurity, the U.S. Government Accountability Office said in a report Monday.

K-12 schools face a range of cybersecurity dangers from actors motivated by the promise of monetary gain, the desire to steal data or simply to be disruptive, says the report.

Beginning in 2018, schools in most states have reported cyberattacks on their systems, with COVID-19-related remote learning protocols increasing their potential. Cyber threats have escalated over time, and are becoming “more sophisticated and pervasive,” the report says.

However, the precise magnitude of cyber incidents’ impact on K-12 is unknown, in part because there are no federal requirements for school districts to report incidents to federal agencies, the report says.

It says although the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency provides a variety of cybersecurity products and services to K-12 school districts, there are no formal channels for how agencies coordinate with each other or with the schools to address the issue.

The report’s recommendations include that the Secretary of Education, in consultation with CISA, establish collaborative mechanisms to coordinate cybersecurity efforts; develop metrics for obtaining feedback to measure cybersecurity-related products and services’ effectiveness; and coordinate how to best help school districts address the issue.