House lawmakers roll out legislation to protect schools against hackers

House lawmakers roll out legislation to protect schools against hackers

A group of bipartisan House members led by Rep. Doris MatsuiDoris Okada MatsuiNearly 140 Democrats urge EPA to 'promptly' allow California to set its own vehicle pollution standards Former Cummings staffer unveils congressional bid Hillicon Valley: Senate unanimously confirms Chris Inglis as first White House cyber czar | Scrutiny mounts on Microsoft's surveillance technology | Senators unveil bill to crack down on cyber criminals MORE (D-Calif.) on Thursday introduced legislation intended to protect K-12 institutions from cyberattacks, which spiked during the COVID-19 pandemic. 

The Enhancing K-12 Cybersecurity Act would appropriate $10 million yearly for the next two years to fund a K-12 Cybersecurity Technology Improvement Program to protect school networks from security risks. The program would be established by the Cybersecurity and Infrastructure Security Agency (CISA) and run by an information sharing organization.

The bill would also direct CISA to establish a cybersecurity incident registry within the agency to track cyberattacks on K-12 institutions and requires CISA to establish a cybersecurity incident exchange program to help schools share best practices and increase security of critical systems.

ADVERTISEMENT

Other sponsors include Rep. Jim LangevinJames (Jim) R. LangevinBiden celebrates anniversary of Americans with Disabilities Act Cybersecurity bills gain new urgency after rash of attacks Senate unanimously approves Jen Easterly to lead DHS cyber agency MORE (D-R.I.), chairman of the House Armed Services Committee’s cybersecurity subcommittee, along with House Homeland Security Committee ranking member John KatkoJohn Michael KatkoGOP brawls over Trump on eve of first Jan. 6 hearing Senators introduce bipartisan bill to secure critical groups against hackers House erupts in anger over Jan. 6 and Trump's role MORE (R-N.Y.) and Rep. Andrew Garbarino (R-N.Y.), ranking member of the House Homeland Security Committee’s cybersecurity panel. 

The bill was previously introduced by Matsui and Langevin last year, but it never got a vote in the House.

The previous version would have established a $400 million grant program at the National Science Foundation to improve infrastructure and the cybersecurity workforce to help protect K-12 institutions against malicious hackers. 

A congressional source told The Hill that the program had been modified due to stakeholder feedback. Other changes due to this feedback included changing the language to potentially allow for more collaborative information sharing between schools. 

Matsui on Thursday described the legislation as providing a “roadmap” to protect schools against escalating cyberattacks. 

ADVERTISEMENT

“Cyber threats have been on the rise across the nation, causing massive disruptions to critical institutions,” Matsui said in a statement provided to The Hill. “It is imperative that America’s schools are prepared to address this growing threat.”

“Cyberattacks targeting schools have already forced class cancellations and exposed students’ sensitive personal information,” she added. “As cyber criminals grow more sophisticated and aggressive, we must provide the resources and information necessary to protect our schools.”

K-12 institutions have increasingly been targeted by hackers in recent years, with these institutions seen as more vulnerable due to aging systems. 

Ransomware attacks have become a particular nightmare over the COVID-19 pandemic, with cyber criminals identifying K-12 institutions dependent on online learning as more likely to pay ransoms to decrypt systems and prevent disruption of classes.

The phenomenon of “Zoombombing,” which involves individuals interrupting classes with inappropriate images or language, also became a headache for schools.

School districts across the nation saw classes interrupted during 2020 by cyberattacks, including those in Miami-Dade County, Fla.; Baltimore County, Md.; and Fairfax County, Va., among many others. The K-12 Cybersecurity Resource Center tracked 408 cyber incidents that hit U.S. K-12 institutions over the last year, a number the group described as “record-breaking.”

Langevin in March teased the reintroduction of the legislation, tweeting that he “strongly” supported the bill, and that “promoting information sharing with @CISAgov & providing resources for local officials to modernize critical systems will make us more secure in the Information Age.”

Additionally, Matsui and Langevin sent a letter to Education Secretary Miguel CardonaMiguel CardonaBiden celebrates anniversary of Americans with Disabilities Act Biden's Education Department must choose accountability or a 'Marbury v. Madison' moment Biden administration cancels .6M in student loan debt for fraud victims MORE in April urging him to take action to defend K-12 institutions from cyberattacks. 

“To help ensure schools are keeping pace with the demands of the modern classroom, we urge you to issue guidance that will allow K-12 schools to make needed investments in increased cybersecurity measures,” they wrote.