Today, I am pleased to introduce and launch the “K-12 Cyber Incident Map.” It is a visualization of cybersecurity-related incidents reported about U.S. K-12 public schools and districts from 2016 to the present. Painstakingly assembled from public reports, it was created to begin to build a data-based awareness of the scope and variety of digital security and privacy threats facing K-12 public schools and districts, as well as to shed a light on the need for uniform standards for disclosing cyber incidents affecting schools, students, and educators.
To better understand the cybersecurity challenges facing schools, Education Week talked with school leaders in Arizona, Connecticut, Montana, and Texas about the cybersecurity incidents they faced, and how they responded. They found that the country’s K-12 information-technology leaders are likely underestimating the dangers they face and that many are failing to take even basic steps to secure their networks and data.
Both FERPA and the COPPA Rule presume that schools have the resources and knowledge to assess their own data security practices, to say nothing of that of their vendors. Emerging evidence suggests that this presumption should be challenged. The FTC and ED can take affirmative action to improve the security with which schools and their vendors treat student data.
Natasha Singer—this time with colleague Danielle Ivory—have released another in the New York Times’ series ‘Education Disrupted.’ Like other stories in the series, it focuses on issues of conflicts of interest in education and educational technology. This issue is a cancer on the sector, enabled by and made worse by the lack of any serious interest in self-policing or self-regulation.