WASHINGTON, D.C. – Today, Congresswoman Doris Matsui (D-CA) and Representatives Jim Langevin (D-RI), John Katko (R-NY) and Andrew Garbarino (R-NY), introduced the Enhancing K-12 Cybersecurity Act, a bill to strengthen cybersecurity at America’s K-12 schools by promoting access to information, better tracking cyberattacks nationally, and providing new cybersecurity resources.

“Cyber threats have been on the rise across the nation, causing massive disruptions to critical institutions. It is imperative that America’s schools are prepared to address this growing threat,” said Congresswoman Matsui, Chair of the High-Tech Caucus and Vice Chair of the House Energy and Commerce Subcommittee on Communications and Technology. “Cyberattacks targeting schools have already forced class cancellations and exposed students’ sensitive personal information. As cyber criminals grow more sophisticated and aggressive, we must provide the resources and information necessary to protect our schools. The Enhancing K-12 Cybersecurity Act provides a roadmap and prepares our cyberinfrastructure for the threats of tomorrow.”

“As cyber incidents rise across the country, hackers have targeted our nation’s schools, disrupting students’ education and threatening their personal information,” said Rep. Jim Langevin, co-chair of the Congressional Cybersecurity Caucus. “We must do better to secure our schools’ networks and improve coordination between schools and cybersecurity experts like the professionals at CISA. The threat of cybercrime isn’t going away any time soon – I’m grateful to Congresswoman Matsui for introducing this vital bill to promote cybersecurity and defend our students and teachers from those seeking to do harm.”

“While cyber attacks on schools don’t often make national headlines, they are a present threat with the potential to cause serious disruptions,” said Rep. John Katko, Ranking Member of the House Committee on Homeland Security. “The rapid transition of our nation’s schools to remote learning last year showed us just how vulnerable these institutions are to cyber criminals. In my district, the Syracuse City School District previously fell victim to a costly ransomware attack that shut down their systems and severely disrupted operations. Ensuring education centers have easy access to reliable cybersecurity best practices and training tools is a necessary step toward improving their overall security posture.” 

“Thanks to the increase of malicious activity by cyber criminals, we as a country are in a position where we must rapidly ramp up cyber preparedness at all levels and across all sectors, including in our schools,” said Rep. Andrew Garbarino, Ranking Member of the Committee on Homeland Security’s Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation. “My constituents and I witnessed the need for this firsthand when two school districts on Long Island suffered attacks earlier this year. Our children’s education is too important to be left vulnerable to cyberattacks. This bill will equip CISA to better share critical information, best practices, and training to K-12 schools as they work to improve their cyber posture in the face of growing threats.

Cyberattacks targeting schools are increasing in frequency and severity. These attacks have threatened students’ privacy and caused harmful classroom disruptions. Last June, the FBI issued a Private Industry Notification warning that “cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic.” As schools continue to rely on and expand the usage of digital platforms to engage students and enhance coursework, additional resources are needed to enhance cybersecurity and protect personal information.

This bill makes important K-12 cybersecurity improvements:

Cybersecurity Information Exchange

Directs the Cybersecurity and Infrastructure Security Agency (CISA) Director to establish a Cybersecurity Information Exchange to disseminate information, best practices, and grant opportunities to improve cybersecurity.

Cybersecurity Incident Registry

Establishes a Cybersecurity Incident Registry within CISA to track incidents of cyberattacks on elementary and secondary schools. Information submitted to the Registry is strictly voluntary and will help improve data collection to coordinate activities related to the nationwide monitoring of the incidence and financial impact of cyberattacks.

K-12 Cybersecurity Technology Improvement Program

Directs CISA to establish the K-12 Cybersecurity Technology Improvement Program to be administered through an information and analysis organization to deploy cybersecurity capabilities that will help address cybersecurity risks and threats to information systems of K-12 schools. This approach will capitalize on the existing services and expertise of organizations like MS-ISAC & others to ensure maximum impact of funds. The bill authorizes $10 million per year for FYs ‘22 & ‘23 to fund the Technology Improvement Program.

Full text of the Enhancing K-12 Cybersecurity Act can be found HERE.

Endorsing Organizations:

  • National Association of Secondary School Principals (NASSP)
  • National Association of Elementary School Principals (NAESP)
  • Council of Chief State School Officers (CCSSO)
  • National Association of State Chief Information Officers (NASCIO)
  • State Educational Technology Directors Association (SETDA)
  • Consortium for School Networking (CoSN)

# # #