A hacker published Clark County School District records, including employee Social Security numbers and student names, addresses and grades, after a ransomware attack on the school system in August 2020.
The bipartisan K–12 Cybersecurity Act of 2021, signed into law today by President Joe Biden, will give resources to school districts to help them protect themselves against cyberattacks.
“This is what we do best when we come together,” said Sen. Jacky Rosen, D-Nev., who co-sponsored the bill following the attack on Clark County School District, the fifth largest school district in the United States. “It’s going to direct the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to do a deep dive to report on vulnerabilities in school districts across the country.”
The agency will study challenges schools face in keeping their information systems and sensitive student and employee records safe, the bill states.
"Cyber Security issues have affected public schools throughout the nation and CCSD works to make sure our students, their families, and district employees' information is secure from cyber criminals,” the district said in a statement.
The criminal data breach against CCSD was “unacceptable,” Rosen said. After the district refused to pay a ransom, the hacker published the sensitive documents online.
Other vulnerable entities across the country also have become victims of ransomware attacks, which are happening more frequently, Rosen said. In such attacks, hackers lock up computer data and demand a ransom to release it.
In 2020, 1,681 schools, colleges and universities in the U.S. and 560 health care facilities were victims of ransomware attacks, according to the Emsisoft Malware Lab.
University Medical Center reported a hacking incident this summer that impacted about 1.3 million people. The victims’ driver’s license, Social Security and passport information was compromised when hackers accessed a server, officials said in June.
“We have to do everything we can to make sure we’re proactive at this,” Rosen said.
Over the next year, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency will give superintendents across the country information about resources and online tools to prevent attacks.
School staff can also attend webinars and presentations on how to protect themselves by taking measures such as changing passwords, Rosen said.
Rosen said she has some other cybersecurity-related bills in the pipeline, including one that will help protect the country’s power grid and other infrastructure.
Another bill will provide cyber training to the Junior Reserve Officers’ Training Corps.
Rosen and other senators also introduced a bipartisan resolution designating this month as National Cybersecurity Awareness Month, which will raise awareness and enhance the state of cybersecurity in the country, according to the resolution.
“Many aspects of our daily life depend on the internet,” Sen. Bill Cassidy, R-La., who also introduced the resolution, said in statement. “Cybersecurity Awareness Month is a reminder that we need to be constantly improving our defenses against new cyber threats.”