October is National Cybersecurity Awareness Month
Each day, the internet is used at education agencies to access educational content and curriculum, attendance reporting systems, email and other communication systems, research databases, payroll, and many other business functions. This online access can enhance the learning environment, but also increases the risk of a cybersecurity breach or attack by the user’s online practices. As evidenced by the rise in ransomware and other cyber attacks on education agencies, it is critical for education agencies to engage their community, promote positive and lasting cybersecurity habits, and incorporate cybersecurity into their emergency management planning efforts.
This October, the REMS TA Center is proud to participate along with the Cybersecurity and Infrastructure Security Agency (CISA) and our Federal family—and invites YOU to participate too—in National Cybersecurity Awareness Month (NCAM). This nationwide, month-long campaign aims to raise awareness about the importance of cybersecurity and ensure that all Americans have the resources they need to be safer and secure online. NCSAM 2019 emphasizes personal accountability and stresses the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. This year’s overarching message – Own IT. Secure IT. Protect IT. –focuses on key areas including citizen privacy, consumer devices, and ecommerce security.
Cybersecurity and Emergency Management Planning
Common cybersecurity threats that education agencies face include data breaches, cloud security, denial of service, malware/scareware, phishing/spoofing, unpatched or outdated software vulnerabilities, removable media, and unsecure personal devices. To protect personally identifiable information (PII) and networks, prevent and mitigate cybersecurity breaches, and prepare for the effective response and recovery if an attack occurs, education agencies and their emergency management planning teams can pre-plan for these cybersecurity threats using the six-step planning process outlined in The Role of Districts in Developing High-Quality School Emergency Operations Plans: A Companion to the School Guide, the Guide for Developing High-Quality School Emergency Operations Plans, and the
Guide for Developing High-Quality Emergency Operations Plans for Institutions of Higher Education. Comprehensive emergency operations plans (EOPs) should contain a Cybersecurity Annex.
To support education agencies with the development of a cybersecurity annex, the REMS TA Center has created resources on this topic. We hosted Webinars that provide an overview of the landscape of cyber threats facing education agencies, as well as resources, programs, and tools to help education agencies maintain secure networks and prevent cyber attacks. Additionally, we have researched how cyber incidents affect education agencies and steps they can take to result, resulting in fact sheet sheets. These resources can be accessed below.
The REMS TA Center’s EOP ASSIST software application (app) allows K-12 schools and school districts to develop a customized school EOP collaboratively with access to resources along the way and export the EOP as a Word document. Alternatively, the REMS TA Center’s EOP ASSIST Interactive Workbook is a low-tech version of a plan generator and may be used by K-12 schools and school districts to develop a customized EOP with access to resources along the way offline using a PDF viewer and Word. School districts can upload any districtwide goals, objectives, hazards, threats, or functions directly into the software app or add them to the instructions of the interactive workbook. SEAs and REAs can download and install this software app on the state’s server for all schools and school districts in the state/region and use it or the Interactive Workbook to distribute statewide hazards, threats, functions, goals, and/or objectives.
More information on planning for cybersecurity, cyber safety, and other human-caused threats is available on the REMS TA Center’s topic-specific Web page: Addressing Adversarial- and Human-Caused Threats That May Impact Students, Staff, and Visitors.
Other Resources from the U.S. Department of Education and Federal Partners
The U.S. Department of Education’s Office of Educational Technology (OET) develops national educational technology policy. OET’s Building Technology Infrastructure for Learning contains information on cybersecurity that was developed in collaboration with the REMS TA Center.
The Privacy Technical Assistance Center (PTAC) is administered by the U.S. Department of Education’s Student Privacy Policy Office to serve as a “one-stop” resource for education stakeholders to learn about data privacy, confidentiality, and security practices. They offer FREE training materials, best practice recommendations, and technical assistance to education agencies, including a Data Breach Response Training Kit and section of their Website dedicated to Security Best Practices.
The U.S. Department of Homeland Security’s CISA is the Nation’s risk advisor. CISA provides extensive cybersecurity and infrastructure security knowledge and practices to its stakeholders, shares that knowledge to enable better risk management, and puts it into practice to protect the Nation’s essential resources.
The National Institute of Standards and Technology (NIST) offers the Computer Security Resource Center (CRSC). For 20 years, CSRC has provided access to NIST's cybersecurity- and information security-related projects, publications, news and events.
