First Lady Jill Biden, senior administration officials, school district heads and technology company executives will convene at the White House Tuesday to kick off a new cybersecurity defense initiative as schools increasingly fall victim to crippling ransomware attacks.
The Education Department will launch a coordinating council to provide formal collaboration between government officials and district leaders to help schools strengthen their cybersecurity capabilities in the face of attacks that have closed campuses and exposed highly sensitive student and educator information online. The effort was announced by senior Biden administration officials on a press call Sunday evening.
The council is being billed as the department’s “key first step” in a renewed focus on cybersecurity after multiple districts — including in Los Angeles and Minneapolis — were targeted by cyber gangs.
At the White House event, federal officials will hear from school district leaders who navigated attacks, including Los Angeles Unified School District Superintendent Alberto Carvalho, who led America’s second-largest school system through a hack last September. That breach, an investigation by The 74 revealed, exposed thousands of current and former students’ highly sensitive psychological evaluations on the dark web.
In addition to the first lady, others expected to attend the White House summit include Education Secretary Miguel Cardona, Homeland Security Secretary Alejandro Mayorkas and Federal Communications Commission Chairwoman Jessica Rosenworcel.
Anne Neuberger, the deputy national security advisor for cyber and emerging technologies, said the administration seeks to help school districts protect sensitive information about students, parents and educators. In March, a ransomware attack against Minneapolis Public Schools led to a data breach that exposed more than 189,000 files, including records related to sexual misconduct investigations, child abuse reports and district physical security information that’s typically kept private.
Neuberger called the Minneapolis breach “a particularly vicious example,” citing the disclosure of closely held school security information, which was first revealed in an investigation by The 74.
Teams of federal cybersecurity experts will visit schools and help them create incident response plans, said Neuberger, adding that districts — particularly small ones — often lack the money and resources to adequately prepare for attacks.
Schools are now the single leading target for hackers, outpacing health care, technology, financial services and manufacturing industries, according to a global survey of IT professionals released last month by the British cybersecurity company Sophos.
Cindy Marten, the deputy secretary of education, said that government officials and school leaders must make school cybersecurity a priority at the same level as physical infrastructure. She said she experienced firsthand how districts and the federal government can work together to mitigate the harm from attacks. Carvalho reached out to the Education Department after the Los Angeles district was hacked, Marten said, making clear the importance of partnerships.
It can take as long as nine months for districts to recover from cyberattacks, according to a 2022 Government Accountability Office report, and can cost them as much as $1 million to respond.
Several technology companies have also committed to offer schools “free and low-cost resources.” Amazon Web Services pledged to provide $20 million for a K-12 cyber grant program, free security training and incident response help. Meanwhile, Cloudflare will offer free cybersecurity tools to small districts with 2,500 or fewer students.
Other federal commitments announced Monday include a guide from the Federal Bureau of Investigation and the National Guard Bureau to help schools report cybersecurity incidents and tap into federal cyber defense expertise.
Last month, the Federal Communications Commission proposed a $200 million grant program to help districts bolster cybersecurity.