The Biden administration is putting cybersecurity training on the back-to-school list with an initiative to beef up tech safeguards.
On Tuesday, the White House convened school administrators, educators and companies to explore how best to protect schools and students’ information from cyberattacks. At least eight K-12 school districts across the country experienced significant cyberattacks in the last academic year, the White House said, leading to disruptions in learning. Cyberattacks have led to anywhere from three days to three weeks of learning loss, a 2022 U.S. Government Accountability Office report found, with recovery of that learning loss taking two to nine months.
In remarks at the beginning of the summit, Education Secretary Miguel Cardona said the average number of “unique education technology tools accessed per school district was over 2,500.”
“So when schools face cyber attacks, the impacts can be huge,” Cardona said. “We need to be taking the cyber attacks on school as seriously as we do the physical attacks on critical infrastructure.”
The White House announced a series of actions from federal agencies and commitments from companies to help school districts secure their digital information.
On the government side, the Federal Communications Commission proposed a pilot program that would provide up to $200 million over three years for reinforcing cyber defenses in K-12 schools and libraries. The money would be allocated from the Universal Service Fund, which has been used in part to provide internet access for schools.
The Cybersecurity and Infrastructure Security Agency (CISA) plans to help train and assess cybersecurity practices at 300 new “K-12 entities” in the upcoming school year. And the Federal Bureau of Investigation and National Guard Bureau will release new resources explaining how to report cybersecurity incidents.
Several companies joined in the initiative as well. Amazon Web Services committed $20 million to fund a cyber grant program for school districts and state departments of education. To apply for the grants, districts or departments must describe the relevant project they seek to work on and their intended goals.
When CNBC asked how AWS would evaluate grant applications, the company said it would consider how many students are served by the public school district, education agency or department and the scope of the proposed solution.
It will also conduct free security reviews for U.S. education technology companies that provide “mission-critical applications” for K-12 schools. And if districts are attacked, AWS said it will provide cyber incident response assistance at no cost.
Other companies joining the initiative included Cloudflare, Google and more. Cloudflare committed to offer cybersecurity solutions for free to public school districts with less than 2,500 students, cloud-based education tech company PowerSchool said it would provide free and subsidized “security as a service” courses to schools and districts and Google created a new “K-12 Cybersecurity Guidebook.”