Law Funding Cybersecurity Education For Children: Is It Possible?

The increasing adoption of advanced networking technologies by K-12 schools has introduced heightened cybersecurity risks. Schools are especially vulnerable to cyberattacks as they are data-rich environments with a wealth of student, teacher, parent, and administrative data. In 2021, there were 166 school incidents affecting schools in 162 school districts, and in 2022, at least 80% of schools across 14 nations were victims of ransomware attacks. To address this issue, several laws and bills have been introduced to provide funding for cybersecurity education and training programs in schools.

Cybersecurity education in K-12 schools

The importance of cybersecurity in K-12 schools cannot be overstated. As schools and school districts adopt advanced networking technologies to enhance learning and operational efficiency, they also expose themselves to heightened risks. K-12 schools have become attractive targets for cybercriminals due to the wealth of sensitive data they possess, including student records, administrative information, and even parent data such as Social Security numbers and credit card details.

To address this growing threat, Congress introduced the Cybersecurity Grants for Schools Act of 2022. This legislation aims to provide federal grants to state and local governments, empowering them to strengthen their cybersecurity curriculum and better prepare younger generations to face evolving cyber threats. The bill, introduced by Congressman Andrew R. Garbarino, recognizes the essential role of cybersecurity in safeguarding our nation's security and economic interests. By incorporating cybersecurity into the core curriculum, the next generation will be equipped with the knowledge and skills necessary to protect themselves and our nation's critical infrastructure.

The Cybersecurity Education and Training Assistance Program (CETA), operated by the Cybersecurity and Infrastructure Security Agency (CISA), plays a pivotal role in distributing cybersecurity resources and curricula to K-12 schools across the nation. CISA has been instrumental in providing expertise, guidance, and resources to strengthen the cybersecurity posture of educational institutions. They have also developed partnerships with law enforcement and communities to ensure the safety of students, staff, and parents.

Additionally, the State and Local Cybersecurity Grant Program (SLCGP) offers funding to eligible state, local, and territorial governments to bolster their cybersecurity defenses. This program, administered by the Federal Emergency Management Agency (FEMA), aims to reduce systemic cyber risks and enhance the resilience of critical infrastructure. The availability of funding through the SLCGP empowers schools and school districts to proactively improve their security measures and protect sensitive data from potential breaches.

Furthermore, the K-12 Cybersecurity Act of 2021 mandated CISA to assess the cybersecurity risks faced by elementary and secondary schools and develop guidelines to help schools mitigate these risks effectively. This act underscores the recognition of the challenges posed by cyber intrusions on our nation's ability to educate children and protect their personal information. It is imperative that schools stay vigilant and proactive in their cybersecurity efforts, leveraging available resources and partnerships to create a safe and secure learning environment for all stakeholders.

Cybersecurity funding for state and local governments

The State and Local Cybersecurity Grant Program (SLCGP) provides funding to eligible state, local, and territorial (SLT) governments to manage and reduce systemic cyber risk. The funding amount available for fiscal year 2024 is $279 million, a significant increase from the $185 million available in 2022 and $374 million in 2023. The program aims to improve the security of critical infrastructure and the resilience of the services SLT governments provide to their communities.

The U.S. Department of Homeland Security (DHS) has also made $1 billion in funding available through the SLCGP to state, local, and territorial governments, including school districts, over the next four years. This funding is intended to address cybersecurity risks and threats to information systems owned or operated by or on behalf of SLT governments.

In addition, the Cybersecurity Grants For Schools Act of 2022 authorises the CISA Director to award financial assistance in the form of grants or cooperative agreements to states, local governments, institutions of higher learning, and non-profit organisations. The purpose of this funding is to support cybersecurity and infrastructure security education and training programs and initiatives to carry out the purposes of CETAP (Cybersecurity Education and Training Assistance Program) and enhance CETAP to address the national shortfall of cybersecurity professionals.

The K–12 Cybersecurity Act of 2021 also plays a role in cybersecurity funding for state and local governments. This Act required CISA to report on cybersecurity risks facing elementary and secondary schools and develop recommendations, including cybersecurity guidelines, to help schools address these risks. CISA offers a variety of resources, programs, and tools to make schools safer for students, staff, and parents.

Furthermore, the Homeland Security Act of 2002 has been amended to provide for financial assistance to fund certain cybersecurity and infrastructure security education and training programs and initiatives. This amendment authorises the Director to award financial assistance in the form of grants or cooperative agreements to eligible entities to improve cybersecurity and infrastructure security.

Cybersecurity grants for schools act of 2022

In 2022, Congressman Andrew R. Garbarino introduced the "Cybersecurity Grants for Schools Act of 2022" to Congress. The bill was a response to the heightened concern for US cybersecurity following the military assault on Ukraine and the anticipated stronger cyber-attacks from Russia.

The Act would require the director of the Cybersecurity and Infrastructure Security Agency (CISA) to distribute federal funding to state and local schools, as well as financial aid to nonprofits, to improve cybersecurity education and training. The funding would be provided through the Cybersecurity Education and Training Assistance Program within CISA, which already distributes cybersecurity, STEM, and computer science curricula to K-12 schools.

The bill also aims to address the national shortfall of cybersecurity professionals by providing funding to institutions of higher learning. This would be done through the Scholarship for Service (SFS) program, which provides scholarships for up to three years of support for cybersecurity undergraduate and graduate education. In return for their scholarships, recipients must agree to work for the US government after graduation.

The "Cybersecurity Grants for Schools Act of 2022" passed the House Committee on Homeland Security, with Congressman Garbarino stating that "cybersecurity is essential for our national security and economic security." The bill received bipartisan support, with co-sponsors including Reps. John Katko, R-NY, and Dina Titus, D-Nev.

Cybersecurity education and training assistance program

The Cybersecurity Education and Training Assistance Program (CETAP) is a federal initiative in the United States that aims to strengthen cybersecurity education and training. The program provides financial assistance in the form of grants and cooperative agreements to eligible entities to address the national shortfall of cybersecurity professionals.

The Cybersecurity Grants for Schools Act of 2022 authorizes the distribution of federal funding to state, local, and territorial governments, as well as educational institutions and nonprofits, to enhance cybersecurity education and training. The act aims to incorporate cybersecurity into school curricula and improve the security of critical infrastructure.

The State and Local Cybersecurity Grant Program (SLCGP), administered by the Federal Emergency Management Agency (FEMA), is another key initiative. This program provides funding to eligible entities to address cybersecurity risks and threats to information systems owned or operated by government agencies. The U.S. Department of Homeland Security has committed significant funding to this program, totaling $1 billion over four years.

In addition to federal grants, there are also state-level initiatives and grants available to support cybersecurity education and training. The K–12 Cybersecurity Act of 2021, for example, focuses on protecting K–12 organizations from cyber threats and enhancing cybersecurity guidelines for elementary and secondary schools. CISA, the Cybersecurity and Infrastructure Security Agency, plays a crucial role in partnering with educational institutions and offering resources to safeguard students, staff, and parents.

Overall, the Cybersecurity Education and Training Assistance Program, through various legislative acts and grant programs, strives to improve cybersecurity education and address the talent shortage in the field. By providing financial support to eligible entities, the program aims to foster a stronger cybersecurity foundation for the nation's future.

Cyber attacks and the threat to children's education

In today's digital age, educational institutions face a growing threat from cyber attacks, which can compromise the safety and privacy of students and staff, disrupt educational operations, and result in severe consequences. Data breaches in the education sector are becoming increasingly common, with educational institutions managing sensitive data for hundreds or thousands of individuals. This data includes personal information such as names, addresses, and birth dates, login credentials, and financial details. As a result, educational institutions have become attractive targets for cybercriminals.

Phishing, a type of social engineering attack, is one of the most prevalent threats faced by schools and universities. These attacks involve cybercriminals sending deceptive messages that appear to be from trusted sources, such as the school administration or IT services. The emails often contain urgent requests or threats, tricking recipients into revealing sensitive information or compromising their accounts. The diverse population within educational institutions, including individuals who may not be familiar with cybersecurity practices, provides a large pool of potential victims for attackers to exploit.

Ransomware attacks are another significant concern for the education sector. In these attacks, cybercriminals encrypt data or systems and demand a ransom payment in exchange for their release. For example, in February 2023, the California Sweetwater Union High School District paid a $175,000 ransom after their systems were encrypted. However, the payment did not prevent the leak of data for more than 22,000 people. In another incident, the Hopewell Area School District in Pennsylvania fell victim to a ransomware attack in October 2023, exposing about 120 gigabytes of sensitive records, including photographs of children and educators' personal information.

To address the threat of cyber attacks and enhance the cybersecurity of educational institutions, several measures can be implemented. Firstly, comprehensive training and awareness programs should be prioritized to educate students, educators, and staff about cybersecurity practices and potential threats. This can help to reduce the likelihood of successful phishing attacks and other types of social engineering. Additionally, institutions should review and strengthen their security protocols and network infrastructure to prevent unauthorized access and data breaches. Implementing robust cybersecurity measures and regularly updating them can create a strong defense against cyber attacks.

Furthermore, to mitigate the impact of cyber attacks, educational institutions should consider investing in cyber insurance and establishing relationships with cybersecurity companies and experts. This can provide access to specialized resources and support during an incident, helping to minimize potential damage and facilitate a faster response and recovery. By proactively addressing the evolving threat landscape, educational institutions can better protect the privacy and safety of their students, staff, and sensitive data, ensuring a secure learning environment.

Frequently asked questions