Warner pushes for measures to reinforce cybersecurity in public schools
U.S. Sen. Mark R. Warner (D-VA) is raising alarm regarding the need to protect education infrastructure from cyber-attacks following a ransomware incident at Fairfax County Public Schools, the largest school system in Virginia.
In a letter to Education Secretary Betsy DeVos, Sen. Warner urged the U.S. Department of Education to develop guidance and disseminate best practices for K-12 schools and institutions of higher education and to work with school districts to develop a comprehensive, risk-based funding request from Congress.
“A ransomware attack on a school system in normal times can be disruptive and costly; in the context of a global public health emergency, with unprecedented reliance on remote learning, it is debilitating,” wrote Sen. Warner. “Sophisticated cyber-attacks and more opportunistic forms of malware, like ransomware, are widespread today and require sustained vigilance. Defending against these persistent attacks requires a consistent and holistic approach. The public sector is particularly at risk given constrained state and local budgets.”
“I recommend providing schools with guidance that includes awareness campaigns, risk management, threat mitigation, cybersecurity posture reviews, and resiliency. Awareness campaigns for both educators and students can focus on the importance of recognizing threats, such as phishing attacks, ransomware, malware, and social engineering methods. Regular evaluations can determine the effectiveness of awareness campaigns to address any gaps. Threat mitigation includes developing sufficient safeguards to ensure data security and access control,” he continued. “Detection capabilities are also needed to continuously monitor for anomalies and cybersecurity events. Schools should review these capabilities, plus their readiness to respond and recover from attacks. For example, tabletop exercises can validate processes and test procedures used before, during, and after an attack. Cyber resiliency ensures systems have an ability to continue operating in case of attack, while full restoration takes place. Many of these objectives will require new funding from Congress, particularly in the wake of the devastating impact COVID-19 has had on school system budgets.”
Fairfax County Public Schools, which serves nearly 200,000 students and employs over 24,000 employees, was recently the target of a ransomware attack that involved the theft of protected information.
In his letter, Sen. Warner pressed Sec. DeVos to work to adapt available cybersecurity guidance from the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA) to school systems. Stressing the need for robust cybersecurity education, Sen. Warner also pushed Sec. DeVos to disseminate best practices to states and localities seeking to teach cybersecurity in the K-12 setting.
Additionally, Sen. Warner urged the Department of Education to work with educators, industry, and CISA to encourage a consortium or Information Sharing and Analysis Center (ISAC) for K-12 schools to exchange cybersecurity threat information and best practices for defense that are tailored to account for capabilities and constraints of K-12 schools.