Today, I am pleased to introduce and launch the “K-12 Cyber Incident Map.” It is a visualization of cybersecurity-related incidents reported about U.S. K-12 public schools and districts from 2016 to the present. Painstakingly assembled from public reports, it was created to begin to build a data-based awareness of the scope and variety of digital security and privacy threats facing K-12 public schools and districts, as well as to shed a light on the need for uniform standards for disclosing cyber incidents affecting schools, students, and educators.
To better understand the cybersecurity challenges facing schools, Education Week talked with school leaders in Arizona, Connecticut, Montana, and Texas about the cybersecurity incidents they faced, and how they responded. They found that the country’s K-12 information-technology leaders are likely underestimating the dangers they face and that many are failing to take even basic steps to secure their networks and data.
Both FERPA and the COPPA Rule presume that schools have the resources and knowledge to assess their own data security practices, to say nothing of that of their vendors. Emerging evidence suggests that this presumption should be challenged. The FTC and ED can take affirmative action to improve the security with which schools and their vendors treat student data.