October is National Cybersecurity Awareness Month
Each day, the internet is used at education agencies to access educational content and curriculum, attendance reporting systems, email and other communication systems, research databases, payroll, and many other business functions. This online access can enhance the learning environment, but also increases the risk of a cybersecurity breach or attack by the user’s online practices. As evidenced by the rise in ransomware and other cyber attacks on education agencies, it is critical for education agencies to engage their community, promote positive and lasting cybersecurity habits, and incorporate cybersecurity into their emergency management planning efforts.
Cybersecurity and Emergency Management Planning
Common cybersecurity threats that education agencies face include data breaches, cloud security, denial of service, malware/scareware, phishing/spoofing, unpatched or outdated software vulnerabilities, removable media, and unsecure personal devices. To protect personally identifiable information (PII) and networks, prevent and mitigate cybersecurity breaches, and prepare for the effective response and recovery if an attack occurs, education agencies and their emergency management planning teams can pre-plan for these cybersecurity threats using the six-step planning process outlined in The Role of Districts in Developing High-Quality School Emergency Operations Plans: A Companion to the School Guide, the Guide for Developing High-Quality School Emergency Operations Plans, and the
Guide for Developing High-Quality Emergency Operations Plans for Institutions of Higher Education. Comprehensive emergency operations plans (EOPs) should contain a Cybersecurity Annex.
The REMS TA Center’s EOP ASSIST software application (app) allows K-12 schools and school districts to develop a customized school EOP collaboratively with access to resources along the way and export the EOP as a Word document. Alternatively, the REMS TA Center’s EOP ASSIST Interactive Workbook is a low-tech version of a plan generator and may be used by K-12 schools and school districts to develop a customized EOP with access to resources along the way offline using a PDF viewer and Word. School districts can upload any districtwide goals, objectives, hazards, threats, or functions directly into the software app or add them to the instructions of the interactive workbook. SEAs and REAs can download and install this software app on the state’s server for all schools and school districts in the state/region and use it or the Interactive Workbook to distribute statewide hazards, threats, functions, goals, and/or objectives.
Other Resources from the U.S. Department of Education and Federal Partners
The U.S. Department of Education’s Office of Educational Technology (OET) develops national educational technology policy. OET’s Building Technology Infrastructure for Learning contains information on cybersecurity that was developed in collaboration with the REMS TA Center.
The U.S. Department of Homeland Security’s CISA is the Nation’s risk advisor. CISA provides extensive cybersecurity and infrastructure security knowledge and practices to its stakeholders, shares that knowledge to enable better risk management, and puts it into practice to protect the Nation’s essential resources.
The National Institute of Standards and Technology (NIST) offers the Computer Security Resource Center (CRSC). For 20 years, CSRC has provided access to NIST's cybersecurity- and information security-related projects, publications, news and events.