White House to roll out array of cyber initiatives to bolster K-12 defenses

The Biden administration on Monday will announce a host of federal and private industry initiatives to strengthen the digital defenses of K-12 schools as educators across the country scramble for resources to fight a rising tide of cyberattacks.

The White House will host the “Cybersecurity Summit for K-12 Schools” this afternoon, featuring an array of education technology providers and superintendents. It comes after the most recent school year saw eight significant digital attacks, including four that forced schools to cancel classes.

The administration is “committed to taking real meaningful steps to ease the minds of parents” by securing digital infrastructure to “make it harder for bad actors” to steal the sensitive information of students and educators or security details that could endanger a school, Anne Neuberger, the deputy national security adviser for cyber and emerging technology, told reporters during a call on Sunday.

The breach earlier this year of the Minneapolis public school system, where hackers eventually posted stolen data on the dark web, was a “particularly vicious example” of the kinds of cyberattacks schools face, she added.

The focus on the education sector marks the latest effort by the White House to foster minimum cybersecurity standards for critical networks in areas that have been overlooked in the past, such as agriculture and healthcare.

Schools in particular have struggled to combat a growing roster of online threats due to a lack of funds, technical know-how and personnel.

“It's crystal clear: we must take cyberattacks on our schools just as seriously as we take physical attacks on critical infrastructure,” Deputy Education Secretary Cindy Marten told reporters. “That's why, as we head back to school, it's critical we bring everyone together so we can help ensure that our schools are well equipped with the necessary guidance and also support so that we can raise awareness of this issue.”

The commitments being rolled out today include:

• The Federal Communications Commission will create a pilot program to provide up to $200 million over three years to strengthen cyber defenses in K-12 schools and libraries.
• The Education Department will establish a Government Coordinating Council (GCC) to act as a conduit for collaborating between federal agencies and education organizations.
• The Cybersecurity and Infrastructure Security Agency (CISA) will provide training to 300 new K-12 entities, hold monthly digital exercises and issue updated guidance for institutions.
• Amazon Web Services will offer a $20 million K-12 cyber grant program to all school districts, as well as free security training and incident response assistance to entities that come under digital assault.
• Cloudflare will offer a suite of free Zero Trust tools to public school districts with under 2,500 students.
• Google will release an updated guidebook for schools on best security practices.

It’s unclear if the summit is a precursor to cyber regulations for the education sector, a step the administration is actively pursuing in other areas.

A senior administration official who briefed reporters on the initiative noted that White House had conducted a review across all critical infrastructure sectors to identify where the federal government had existing regulatory authority it wasn’t utilizing.

The education sector “was one sector where there was limited regulatory authority, which is why we are first starting with this event to catalyze action, equipping schools with knowledge, connecting schools, Education’s standing up of the GCC to bring schools together to focus on this, as well as enable schools to have those resources,” the official said.

“So that's the approach we're using now largely using the tools that we have at our disposal right now.”