Integrating Cybersecurity Into Emergency Operations Plans for K-12 Schools and School Districts
Cybersecurity has increasingly become an important consideration for schools, especially with the increase of remote learning models. As students, teachers, and staff spend more time online, it is critical that the whole school community knows how to prevent cyber threats and respond effectively if they should occur. Schools should plan for a variety of cyber threats, including, but not limited to, data breaches, denial-of-service attacks, social engineering attacks (such as spoofing or phishing), and malware, including scareware and ransomware.
Developing a Cyber Annex
Schools and school districts can prepare for, prevent, mitigate, respond to, and recover from cyber threats by developing a Cyber Annex, as recommended by the
Guide for Developing High-Quality School Emergency Operations Plans and The Role of Districts in Developing High-Quality School Emergency Operations Plans. The Cyber Annex is part of the Threat- and Hazard-Specific Annexes section of a school emergency operations plan (EOP) and should outline goals, objectives, and courses of action for members of the whole school community to take before, during, and after a cyber threat.
The Cyber Annex covers both cybersecurity (i.e., information technology [IT] systems and networks) and cyber safety (i.e., the human element), and it should consider all settings and all times, including how a cyber threat might impact physical and online classrooms. The Cyber Annex is developed using the six-step planning process and should be created, reviewed, and revised in collaboration with community partners and stakeholders.
NEW Cybersecurity Training Materials
To support K-12 schools and school districts with enhancing their understanding of cyber threats and developing a Cyber Annex, the REMS TA Center has created and updated three training opportunities on the topic of cybersecurity, including
- A NEW online course, entitled Cybersecurity Considerations for K-12 Schools and School Districts. Take this course to learn about the types of evolving cyber threats facing school and school district networks and systems; the before, during, and after aspects of preparing for, responding to, and recovering from cyber threats; and how cybersecurity can be integrated into new and existing EOPs.
- A NEW downloadable training package, entitled Integrating Cybersecurity Into School Emergency Operations Plans. Use the materials in this module to learn and/or train colleagues on why cybersecurity is important in the context of school safety planning, about cyber threats facing K-12 networks and systems, and how to develop a Cyber Annex as a part of the EOP. Materials include a PowerPoint presentation, training instructions, a tabletop exercise, and a resource list.
- An updated exercises package, featuring a NEW tabletop exercise on cybersecurity. Strengthen your Cyber Annex by talking through a cyber threat scenario with your core planning team. Materials within the Emergency Exercises Package can help you identify gaps and weaknesses in your EOP.
These training materials offer asynchronous and synchronous opportunities to build the capacity of the whole school community, including school and school district administrators and staff; IT personnel; members of core and ad-hoc planning teams; and community partners with a role and/or responsibility in school safety, security, emergency management, and preparedness.
Additional Resources
In addition to these new training materials, the REMS TA Center and its partners offer the following resources to support K-12 schools and school districts in preparing for cyber threats and developing a Cyber Annex
- Cybersecurity Considerations for K-12 Schools and School Districts, Fact Sheet (REMS TA Center)
- Cyber Safety Considerations for K-12 Schools and School Districts, Fact Sheet (REMS TA Center)
- Integrating Cybersecurity With Emergency Operations Plans (EOPs) for K-12 Schools, Webinar (REMS TA Center)
- Cyber Essentials Starter Kit: The Basics for Building a Culture of Cyber Readiness, Publication (U.S. Department of Homeland Security [DHS], Cybersecurity and Infrastructure Security Agency [CISA])
- StopRansomware.gov, Website (DHS, CISA)
- NetSmartz®, Website (National Center for Missing and Exploited Children)
- Cybersecurity, Web Page (DHS, CISA)
- Cyber Threats to K-12 Remote Learning Education, Fact Sheet (DHS, CISA)
|