A pair of U.S. House members last week asked Education Secretary Miguel Cardona to take actions to help K-12 school districts invest in cybersecurity measures to improve their defenses against ransomware, phishing and other threats that continue to target the education sector.
In a letter, Democratic Reps. Jim Langevin of Rhode Island and Doris Matsui of California asked Cardona to issue “immediate guidance” clarifying that school districts can use the federal funding provided in multiple rounds of coronavirus relief legislation on security products.
Both the $2.2 trillion CARES Act, passed March 2020, and the supplemental relief package last December funded two programs — the Elementary and Secondary School Emergency Relief, or ESSER, Fund, and the Governor’s Emergency Education Relief, or GEER, Fund — that allowed schools to purchase hardware, software and internet service to keep teachers and students connected as online learning became the norm. In their letter, Langevin and Matsui wrote that Cardona should make it clear to recipients of this money that it can be used for security purchases.
“While schools can reasonably interpret this text to indicate cybersecurity costs would be considered eligible expenses, written guidance from the Department to that effect will ensure schools have the information they need to make informed decisions about how to use these funds,” the letter read.
The American Rescue Plan, which President Joe Biden signed last month, includes another $122 billion for the ESSER Fund.
Matsui and Langevin, a co-chairman of the Cybersecurity Solarium Commission — a bipartisan study group whose March 2020 report fed much of the cyber-related language in last year’s defense authorization bill — teamed up last year to propose legislation that would’ve taken several steps at the federal level to bolster K-12 IT security. That bill would’ve directed the Cybersecurity and Infrastructure Security Agency to create a clearinghouse for information and best practices pertaining to the K-12 sector and a national registry of cyberattacks affecting the education sector. It also would’ve created a $400 million grant program at the National Science Foundation to grow cybersecurity workforces in schools.
A report last month from the K-12 Cybersecurity Resource Center found that cyberattacks against primary and secondary schools rose by 18% in 2020 to at least 408 incidents. Those incidents spanned a range of threats, including ransomware, denial-of-service and phishing against both school districts and their IT vendors.
At the time of the report’s release, Langevin said he and Matsui plan to reintroduce their legislation in the current House session.