WASHINGTON, D.C. – U.S. Senators Gary Peters (D-MI), Chairman of the Senate Homeland Security and Governmental Affairs Committee, and Rick Scott (R-FL) reintroduced bipartisan legislation to implement stronger cybersecurity protections for K-12 educational institutions across the country. Schools are responsible for securing a considerable amount of sensitive records related to their students and employees, including student grades, family records, medical histories, and employment information. The bill, which Peters and Scott previously introduced in the 116th Congress, will help educational institutions bolster their cybersecurity protections by instructing the Department of Homeland Security (DHS) to examine the risks and challenges that schools face in securing their systems. DHS would also be charged with creating cybersecurity recommendations and other voluntary resources for schools to use when implementing their cybersecurity solutions.
“Our nation’s K-12 schools are increasingly becoming targets for ransomware and other cyber-attacks because they store personal records related to their students, faculty and staff. Unfortunately, many school districts don’t have the all the necessary expertise or resources to protect this data and address these sophisticated attacks,” said Senator Peters. “This commonsense, bipartisan legislation will help ensure the federal government is providing schools and administrators with the information and tools they need to secure their networks and block bad actors from stealing sensitive personal information.”
“Americans deserve to have their private information protected. It’s unacceptable that bad actors would have access to networks containing the records and personal data of our students, educators and school employees – putting their safety at risk,” said Senator Scott. “I’m proud to reintroduce this legislation to bolster cybersecurity at our schools and ensure they have the resources needed to protect students and teachers’ personal information.”
Cyber-attacks on schools increased over the past year as Americans’ daily lives and classrooms moved online during the pandemic, including attacks against schools in Michigan. In one attack on Walled Lake Consolidated Schools, hackers successfully accessed records and posted information online. In 2018, Johannesburg-Lewiston Area Schools in Michigan were targeted by a malicious ransomware attack that temporarily shut down the district’s systems. In Florida, hackers successfully stole thousands of files from Broward County’s School District systems earlier this year.
The K-12 Cybersecurity Act directs DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to work with teachers, school administrators, other federal departments and private sector organizations to complete a study of cybersecurity risks specific to K-12 educational institutions, including risks related to securing sensitive student and employee records and challenges related to remote-learning. Following the completion of that study, the bill directs CISA to develop cybersecurity recommendations and an online toolkit to help schools improve their cybersecurity hygiene. These voluntary tools would be made available on the DHS website along with other DHS school safety information.
The K-12 Cybersecurity Act has been endorsed by the Michigan Association for Computer Users in Learning, Consortium for School Networking, School Superintendents Association, National Association of Secondary School Principals and the American Federation of Teachers.
As Chairman of the Homeland Security and Governmental Affairs Committee, Peters has led efforts to bolster our nation’s cybersecurity defenses. As a part of the American Rescue Plan Act, Peters helped secure and enact nearly $2 billion to modernize and secure information systems critical to the federal pandemic response. The Senate, last month, also passed his provision to help protect our nation’s public water infrastructure technology systems, following recent attacks on water utilities. Peters also recently introduced bipartisan legislation to provide additional resources and better coordination for serious cyber-attacks against public and private networks. He has also convened two hearings with top federal cybersecurity officials to discuss recent breaches and attacks against American systems.