What GAO found
Kindergarten through 12th grade (K-12) schools have reported significant educational impacts from cybersecurity incidents such as ransomware attacks. Cyberattacks can also cause financial losses for targeted schools because of the downtime and resources required to recover from an incident. State and local officials report that learning losses after cyberattacks range from three days to three weeks, and that recovery time ranges from two to nine months. Although the exact national scale of cyberattacks on K-12 schools is unknown, research organization Comparitech reported the number of students affected by ransomware attacks between 2018 and 2021 (see figure).
US Students Affected by Ransomware Attacks on K-12 Schools and Districts, 2018-2021
Federal guidance, such as the National Infrastructure Protection Plan (National Plan), establishes roles and responsibilities for protecting the nation's critical infrastructure, including the education subsector. Specifically, the Department of Education (Education) is the subsector lead agency, or sector risk management agency. As such, Education and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) are to coordinate K-12 cybersecurity efforts with federal and nonfederal partners. Additionally, the FBI is supposed to provide support for criminal investigations.
Education and CISA provide cybersecurity-related products and services, including online safety guidance, to K-12 schools. However, they otherwise have little to no interaction with other agencies or the K-12 community regarding school cybersecurity. This is partly because Education has not established a government coordinating council as required by the National Plan. Such a council can facilitate ongoing communication and coordination among federal agencies and with the K-12 community. This would allow federal agencies to better serve the cybersecurity needs of K-12 schools. Education and CISA also do not measure the effectiveness of the products and services they provide to schools. Doing so would provide more information about the needs of schools.
Why GAO did this study
The COVID-19 pandemic forced schools across the country to rely more on IT to deliver instruction to their students. This amplified the vulnerability of K-12 schools to potentially serious cyberattacks. Several federal agencies are tasked with increasing the protection of the nation's critical infrastructure, including the educational facilities subsector.
GAO was commissioned to review cybersecurity in K-12 schools. The purpose of this report is to (1) determine what is known about the impact of cyber incidents, and (2) determine the extent to which major federal agencies are aligned with other federal and non-federal organizations to help K-12 schools combat cyber threats.
To do so, GAO analyzed publicly reported K-12 cyber incidents and related documents. In addition, GAO identified legislation and federal guidance establishing roles and responsibilities for coordinating K-12 cybersecurity. GAO also interviewed officials from federal agencies and some state- and local-level school-related organizations about the impact of cyber incidents and the level of federal cybersecurity support they received.