CISA prioritizing on-site K-12 cybersecurity reviews this school year

Sen. Maggie Hassan, D-N.H., convened a field hearing in New Hampshire Monday to detail the cybersecurity assistance and resources that CISA would offer the nation's school systems.

Sen. Maggie Hassan, D-N.H., convened a field hearing in New Hampshire Monday to detail the cybersecurity assistance and resources that CISA would offer the nation's school systems. Scott Eisen / GETTY IMAGES

The nation’s cyber defense agency is aiming to work with schools “where they’re at instead of where they should be.” 

Officials from the Secret Service and Cybersecurity and Infrastructure Security Agency told school administrators Monday they are prepared to provide both prevention and response assistance for emerging cyber threats increasingly targeting the nation's school systems. 

Sen. Maggie Hassan, D-N.H., chairwoman of the Homeland Security and Governmental Affairs subcommittee on emerging threats and spending oversight, convened a field hearing in New Hampshire with several of the state's chief technologists and school officials. 

Richard Rossi, a CISA cybersecurity advisor based in New Hampshire, testified that his team has been prioritizing on-site cybersecurity assessments to identify vulnerabilities and provide mitigation guidance for impacted schools and districts this school year. 

The assessments can encompass a wide range of individualized reviews and actions, from preventing cyber-enabled fraud schemes to combating ransomware attacks and other digital intrusions. 

"We take a look at where a district is [and] work with them where they're at instead of where they should be, and help get them on a roadmap to progress them towards a more secure posture," Rossi said at the hearing, held at the New Hampshire Institute of Politics at St. Anselm College. 

Recent reports indicate schools are a top target of ransomware attacks and experienced a 44% spike in cyberattacks in 2022 compared to the prior year. 

Rossi said CISA strongly encourages each school system to bring in their entire senior leadership team to the debriefing sessions "to make sure that everybody has skin in the game," adding: "To conquer this is going to be a cybersecurity culture change." 

The hearing was held amid a federal push to better secure the nation's K-12 schools – seen as "target rich, cyber poor" entities among cybercriminals, according to CISA – from increased attacks and emerging digital threats. Earlier this month, the White House held the first federal summit aimed at addressing cybersecurity in U.S. schools, and announced a slate of new initiatives and free resources for school systems nationwide. 

“If we want to safeguard our children’s futures we must protect their personal data,” First Lady Jill Biden, a longtime educator, said at the summit. "Every classroom should be enriched by new technologies ... and every family should know its information will stay safe and secure."

The nation's cyber defense agency announced at the summit that it would provide K-12 schools with new cybersecurity training and exercises over the coming year, in addition to newly-announced private sector initiatives, like Amazon Web Services' $20 million grant program to provide schools with no-cost cyber incident response assistance. 

Other federal agencies have also stepped up their engagement with schools around cybersecurity, including the Secret Service, which oversees electronic crimes task forces and other teams that can help identify cybercriminals and prevent data breaches and other digital crimes. 

Timothy Benitez, a Secret Service resident agent in charge of Manchester, New Hampshire, testified that the agency can help provide schools with coordination assistance when responding to cyber incidents, as well as obtain Indicators of Compromise and other evidence to identify individuals behind cyberattacks. 

"It's important to cooperate and coordinate, and don't be afraid to share this information," Benitez said. "It's really an individual defense and a national security defense."