State lawmakers and governors across the country are seeking to combat the spike in sophisticated cyberattacks on schools, enacting nearly twice as many new cybersecurity laws with implications for education last year as they did the year before, concludes a new report from the Consortium for School Networking.
Many of the new laws aim to ensure that K-12 officials are addressing cybersecurity, or seek to connect districts with greater technical expertise, found CoSN, a membership organization for district education technology officials. But only a handful provide new money to help schools meet their cybersecurity needs.
“I think the good news is the policymakers are waking up [to the fact] that this is an endemic problem for school districts,” said Keith Krueger, CoSN’s executive director. “But there just hasn’t been a big investment yet, in terms of cybersecurity.”
Schools’ cybersecurity needs are bigger than ever, Krueger said. He pointed to a recent report from S&P Global, a credit rating agency, that called K-12 schools in the United States a “playground for cybercriminals.” To make matters worse, only about a third of districts have a full-time staff member dedicated to cybersecurity, CoSN reported in its annual survey.
Governors in 33 states signed 75 cybersecurity laws that have education implications last year. That’s more than twice as many as in 2022, when states enacted 37 such laws. What’s more, legislators in 42 states introduced 307 cybersecurity bills that at least touched on education last year. That’s more than three times as many cybersecurity bills with a K-12 twist as in 2020, when 87 such bills were introduced.
Many of the new laws call for K-12 officials to step up or continue their focus on cybersecurity. For instance:
- Arkansas called for annual reviews and updates to schools’ cybersecurity policies.
- California now requires its Cybersecurity Integration Center, which helps prevent and handle cyberattacks, to coordinate and provide information to school districts.
- Illinois established a task force charged with developing model policies for schools for addressing the role of artificial intelligence in education, including its cybersecurity implications.
- Maryland called for virtual schools to provide cybersecurity policy information to parents.
- New Mexico now requires educational technology plans that describe cybersecurity protections to be shared with the state education department.
To be sure, some states did approve new money for K-12 cybersecurity. Texas, for instance, provided more than $54 million in such funding and called on the state education agency to establish standards for electronic devices and software in school districts. And Minnesota allocated $24 million in grants to help public and charter schools improve both building and cyber security.
There’s also a push at the federal level to secure cybersecurity funding for K-12, including through a $200 million, three-year-pilot program proposed by Jessica Rosenworcel, the chair of the Federal Communications Commission.
That pilot will help, though the $200 million is relatively small compared to the scope of the problem, Krueger said.
When it comes to K-12 cybersecurity, “we got to think bigger,” Krueger said. “We got to think stronger. We got to move faster.”