OFFICIALS LEGISLATION INTEREST GROUPS PUBLIC STATEMENTS COMMITTEES VETOES

Letter to Miguel Cardona, Secretary of Education - With Cyberattacks on the Rise, Warner & Collins Urge Department of Education to Empower Schools to Bolster Cyber Defenses

Letter

Date: June 17, 2021
Location: Washington, DC
Issues: National Security Technology and Communication Executive Branch K-12 Education Government Budget and Spending

Dear Secretary Cardona:

We write today regarding the continued need to prioritize cybersecurity efforts in the context of our nation's school systems. You know better than anyone the dramatic ways the COVID-19 public health crisis has affected how students learn. Experts agree that the increased reliance on online learning programs is likely to far outlast the pandemic. While online learning offers an abundance of positive opportunities for educators and students, without proper cybersecurity defenses, our nation's education systems face formidable risks. School districts have a unique opportunity to use COVID-19 relief funds to revamp their cybersecurity systems. Therefore, we strongly urge the Biden Administration to publicize guidance stating allowable Elementary and Secondary School Emergency Relief Fund (ESSER) and Governor's Emergency Education Relief Fund (GEER) monies can be spent on cybersecurity resources and engage with school districts to increase awareness of the critical need for prioritizing stronger cybersecurity measures.

The pandemic has changed daily life for almost everyone in many ways; perhaps, there is no clearer example than the sudden shift to remote learning for students of all ages across the country. Census data shows that nearly 93% of people in households with school-age children reported their children were engaged in some form of "distance learning" over the past year. While the distribution of COVID-19 vaccines has significantly slowed the spread of the virus, some remote learning is likely to continue, with hundreds of the nation's 13,000 school districts having already created virtual schools intended to operate well into the pandemic's aftermath. Even as our nation's schools fully return to in-person learning, cybersecurity risks will still be plentiful in the technology-dependent modern learning environment.

With the shift to online instruction, school districts are now incredibly vulnerable to cybersecurity threats. Last fall, Virginia's Fairfax County Public Schools, the 11th largest school district in the nation, was the target of a cybersecurity breach and ransomware incident that included theft of protected information. This incident is far from an outlier. A report from the United States Government Accountability Office (GAO) released in September 2020 stated more than 17,000 public school districts and approximately 98,000 public schools throughout the U.S. had experienced breaches that resulted in the disclosure of personal information since 2016.

School systems must have strong cybersecurity resources available to protect themselves against cyber and ransom attacks. With the increasingly persistent attacks on our schools, they simply cannot wait until they are a target to take action.

The COVID-19 relief bills Congress passed over the past year allocated millions to ESSER and GEER funds, which can be used for this purpose. In total, these bills included almost $200 billion for ESSER and over $7 billion for GEER. These available funds provide schools with a unique opportunity to invest in cybersecurity resources. While we understand schools must divide these funds across various crucial concerns, the pandemic has catapulted our school systems to an inflection point where investment in cybersecurity is now more critical than ever.

We have heard from school districts unsure whether they can use relief funds for this purpose. We greatly appreciate the Department of Education recently issuing a "Frequently Asked Questions" document, which confirms they can be used to improve cybersecurity "to better meet educational and other needs of students related to preventing, preparing for, or responding to COVID-19." We respectfully ask that the Administration take steps to publicize this information and help school districts understand the importance of using funding for cybersecurity efforts, including by promulgating lists of recommended cybersecurity benchmarks that additional resources could help school districts attain. Specifically, we urge the Education Department to issue public guidance clearly stating that states and local education authorities (LEAs) can use ESSER or GEER funds to improve cybersecurity, with guidance on suggested spending priorities to address the endemic threat of ransomware disproportionately impacting school systems. We also ask that the Department develop a plan to make sure school districts are aware of this allowable use and engage with LEAs to ensure they understand the importance of these resources.

We implore the Administration to recognize the urgent national need to prioritize cybersecurity in our nation's education systems. Because of the relief funding Congress has provided over the past year, we have a real opportunity to address accumulating cybersecurity risks in schools. We encourage the Administration to ensure school systems are aware of this use for these funds and engage with LEAs, so they are equipped to take on this challenge.

Again, thank you for your attention to this matter. We greatly appreciate your efforts on behalf of our nation's students, and we look forward to continuing work together as our systems grapple with the aftermath of the pandemic.

Sincerely,


Source
arrow_upward