Bipartisan Bill Aims to Boost Cyber in K-12

Sens. Mark Warner, D-Va., and Marsha Blackburn, R-Tenn., joined Reps. Doris Matsui, D-Calif., and Zach Nunn, R-Iowa, to reintroduce bipartisan legislation that tasks the Cybersecurity and Infrastructure Security Agency (CISA) with establishing a school cybersecurity improvement program.

The Enhancing K-12 Cybersecurity Act aims to strengthen cybersecurity at America’s K-12 schools by promoting access to information, tracking cyberattacks nationally, and providing new cybersecurity resources.

The bill requires the director of CISA to establish a publicly accessible website – dubbed the School Cybersecurity Information Exchange – that will disseminate information, cybersecurity best practices, training, and lessons learned tailored to the specific needs, technical expertise, and resources available to K–12 organizations.

The new website will focus specifically on cybersecurity, data protection, remote learning security, and student online privacy, the legislative text reads.

The bill also requires CISA to include a database on the new website for schools to identify cybersecurity security tools and services funded by the Federal government, as well as tools and services recommended for purchase with state and local government funding. The database should also allow schools to find and apply for funding opportunities to improve cybersecurity.

“From ransomware to data breaches, cyberattacks targeting our K-12 schools are growing increasingly sophisticated and common, necessitating a robust response to keep our students and teachers safe,” said Rep. Matsui. 

“Cybercriminals are rapidly evolving their strategies to cause chaos and disruption, yet a lack of resources for our schools is forcing them to do more with less. The Enhancing K-12 Cybersecurity Act would establish a crucial roadmap to prepare our K-12 cyberinfrastructure for future attacks,” she said.

The bipartisan bill also calls for CISA to establishes a Cybersecurity Incident Registry to track incidents of cyberattacks on elementary and secondary schools. It will be a voluntary registry of information relating to cyber incidents affecting IT systems, and CISA will be tasked with determining the scope of cyber incidents to be included in the registry and processes by which incidents can be reported.

Lastly, the bill directs CISA to establish the K-12 Cybersecurity Technology Improvement Program. The program will develop cybersecurity strategies and tools tailored for K–12 schools, deploy cybersecurity services that enhance the ability of K–12 schools to protect themselves from ransomware and other threats, and continue training opportunities on cybersecurity threats, best practices, and relevant technologies.

The bill authorizes $10 million per year for fiscal years 2024 and 2025 to fund the K-12 Cybersecurity Technology Improvement Program.