December 4, 2021

News

News Network

Critical Infrastructure Protection: Education Should Take Additional Steps to Help Protect K-12 Schools from Cyber Threats

11 min read
<div>What GAO Found Federal guidance, such as the National Infrastructure Protection Plan (National Plan), specify the roles and responsibilities of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), the Department of Education's Office of Safe and Secure Schools, and the Federal Bureau of Investigation to assist school districts in protecting against cyber threats. These agencies have provided programs, services, and support to assist kindergarten through 12th grade (K-12) schools in defending against cyber threats. Examples of such support include incident response assistance, network monitoring tools, and guidance for parents and students on preparing for the cyber threats that students face online (see table). Federal Resources for Cyberattacks on Kindergarten through Grade 12 (K-12) Schools As the lead for the education subsector, the Department of Education is responsible for (1) developing and maintaining a sector-specific plan to address cybersecurity risks at K-12 schools, and (2) determining the need for sector-specific guidance. The Education Facilities plan was developed and issued in 2010. Since then, the cybersecurity risks facing the subsector have substantially changed. Among other things, schools have increasingly reported ransomware and other cyberattacks that can cause significant disruptions to school operations, thus highlighting the importance of securing K-12 schools' IT systems. According to data from K-12 Security Information Exchange, schools publicly reported 62 ransomware incidents in 2019, compared to 11 ransomware incidents reported in 2018. However, Education has not updated its 2010 plan and has not determined whether sector-specific guidance is needed for K-12 schools to help protect against cyber threats. Education officials stated that the department has not updated the sector plan and not determined the need for sector-specific guidance because CISA has not directed it to do so. However, as previously stated, the department is responsible for updating its sector plan and determining the need for guidance. As a result, K-12 schools are less likely to have the federal products, services, and support that can best help protect them from cyberattacks. Why GAO Did This Study When the COVID-19 pandemic forced the closure of schools across the nation, many K-12 schools moved from in-person to remote education, increasing their dependence on IT and making them potentially more vulnerable to cyberattacks. Education Facilities, including K-12 schools, is one of the nation's critical infrastructure subsectors. Several agencies have a role in protecting the subsector. GAO was asked to review cybersecurity in K-12 schools. The objective of this report is to determine the extent that federal agencies have assisted schools in protecting themselves from cyber threats. To do so, GAO identified laws and federal guidance that specify the roles and responsibilities of federal agencies to assist schools in protecting against cyber threats. GAO analyzed documentation of the types of products and services federal agencies have in place to identify, protect, detect, respond, and recover from attacks. In addition, GAO interviewed federal officials about such products and services they offer to K-12 schools.</div>
What GAO Found

Federal guidance, such as the National Infrastructure Protection Plan (National Plan), specify the roles and responsibilities of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Department of Education’s Office of Safe and Secure Schools, and the Federal Bureau of Investigation to assist school districts in protecting against cyber threats. These agencies have provided programs, services, and support to assist kindergarten through 12th grade (K-12) schools in defending against cyber threats. Examples of such support include incident response assistance, network monitoring tools, and guidance for parents and students on preparing for the cyber threats that students face online (see table).

Federal Resources for Cyberattacks on Kindergarten through Grade 12 (K-12) Schools

As the lead for the education subsector, the Department of Education is responsible for (1) developing and maintaining a sector-specific plan to address cybersecurity risks at K-12 schools, and (2) determining the need for sector-specific guidance. The Education Facilities plan was developed and issued in 2010. Since then, the cybersecurity risks facing the subsector have substantially changed. Among other things, schools have increasingly reported ransomware and other cyberattacks that can cause significant disruptions to school operations, thus highlighting the importance of securing K-12 schools’ IT systems. According to data from K-12 Security Information Exchange, schools publicly reported 62 ransomware incidents in 2019, compared to 11 ransomware incidents reported in 2018. However, Education has not updated its 2010 plan and has not determined whether sector-specific guidance is needed for K-12 schools to help protect against cyber threats. Education officials stated that the department has not updated the sector plan and not determined the need for sector-specific guidance because CISA has not directed it to do so. However, as previously stated, the department is responsible for updating its sector plan and determining the need for guidance. As a result, K-12 schools are less likely to have the federal products, services, and support that can best help protect them from cyberattacks.

Why GAO Did This Study

When the COVID-19 pandemic forced the closure of schools across the nation, many K-12 schools moved from in-person to remote education, increasing their dependence on IT and making them potentially more vulnerable to cyberattacks. Education Facilities, including K-12 schools, is one of the nation’s critical infrastructure subsectors. Several agencies have a role in protecting the subsector.

GAO was asked to review cybersecurity in K-12 schools. The objective of this report is to determine the extent that federal agencies have assisted schools in protecting themselves from cyber threats. To do so, GAO identified laws and federal guidance that specify the roles and responsibilities of federal agencies to assist schools in protecting against cyber threats. GAO analyzed documentation of the types of products and services federal agencies have in place to identify, protect, detect, respond, and recover from attacks. In addition, GAO interviewed federal officials about such products and services they offer to K-12 schools.

More from:

News Network

  • Chronic Health Conditions: Federal Strategy Needed to Coordinate Diet-Related Efforts
    In U.S GAO News
    What GAO Found According to the latest federal data available, selected chronic health conditions linked to diet are prevalent, deadly, and costly. These diet-related conditions include cardiovascular diseases (heart disease and stroke), cancer, diabetes, and obesity. For example, 2018 federal data show: Prevalence. Forty-two percent of adults had obesity—or approximately 100 million U.S. adults. Mortality. Cardiovascular diseases, cancer, and diabetes accounted for half of all annual deaths in the U.S. (about 1.5 million deaths). People living in southern states, men, and Black Americans had disproportionately higher mortality rates than those living in other regions, women, and other races. Cost. Government spending, including Medicare and Medicaid, to treat cardiovascular disease, cancer, and diabetes accounted for 54 percent of the $383.6 billion in health care spending to treat these conditions. The increase in certain diet-related conditions over time indicates further potential threats to Americans' health. For example, the prevalence of obesity among adults was 19 percent higher in 2018 than in 2009. GAO identified 200 federal efforts related to diet—fragmented across 21 agencies—for reducing Americans' risk of chronic health conditions. The efforts fall into four categories (see table). Federal Agencies' Efforts to Address Diet as a Factor of Chronic Health Conditions Categories Number of efforts Examples of activities Total efforts 200   Research 119 Collect and monitor data, conduct or fund studies, review research to develop guidelines on healthy eating Education and clinical services 72 Inform program beneficiaries, counsel health care patients, inform the public with mass communication Food assistance and access 27 Provide food or assistance in purchasing food, improve community access to healthy food Regulatory action 6 Issue requirements or recommendations for food producers, manufacturers, and retailers Source: GAO analysis of agency information. | GAO-21-593 Note: Effort numbers do not add up to 200 because some efforts fall into multiple categories. Agencies have taken some actions to coordinate, such as by establishing interagency groups. However, they have not effectively managed fragmentation of diet-related efforts or the potential for overlap and duplication. Such fragmentation has impacted the agencies' ability to achieve certain outcomes. For example, according to agency officials and nonfederal stakeholders, agencies have not fully addressed important gaps in scientific knowledge where research is sparse, including on healthy diets for infants and young children. A federal strategy for diet-related efforts could provide sustained leadership and result in improved, cost-effective outcomes for reducing Americans' risk of diet-related chronic health conditions. Why GAO Did This Study Many chronic health conditions are preventable, yet they are leading causes of death and disability in the United States. In addition, people with certain chronic health conditions are more likely to be hospitalized or die from COVID-19 than people without them. Poor diet is one prominent risk factor for chronic health conditions, alongside tobacco use, physical inactivity, and others. Numerous federal agencies have a role in addressing diet and its link to chronic health conditions. GAO was asked to review diet-related chronic health conditions and federal efforts to address them. This report examines (1) federal data on prevalence, mortality, and costs of selected diet-related chronic health conditions; (2) federal diet-related efforts to reduce Americans' risk of chronic health conditions; and (3) the extent to which federal agencies have coordinated their efforts. GAO selected conditions with established scientific links to diet. GAO then analyzed federal data on prevalence, mortality, and health care spending; reviewed agency documents; interviewed officials from 21 federal agencies with a role in diet, as well as nonfederal stakeholders; and compared agency actions with selected leading practices for collaboration, which GAO has identified in prior work.
    [Read More…]
  • Secretary Antony J. Blinken with Andrea Mitchell of MSNBC Andrea Mitchell Reports
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Remarks by Principal Deputy Assistant Attorney General Jonathan D. Brightbill at the American Bar Association’s Environmental & Energy Litigation Federal Updates Virtual Regional CLE Program
    In Crime News
    Remarks as Prepared for [Read More…]
  • Secretary Michael R. Pompeo And Indonesian Foreign Minister Retno Marsudi
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Florida Man Charged with COVID Relief Fraud, Health Care Fraud and Money Laundering
    In Crime News
    A Florida man has been charged regarding allegations that he fraudulently obtained a Paycheck Protection Program (PPP) loan and an Economic Injury Disaster Loan (EIDL), and that he orchestrated a conspiracy to submit false and fraudulent claims for reimbursement to Medicare and CareCredit, and to defraud his own patients by charging them thousands of dollars for chiropractic services under false pretenses.
    [Read More…]
  • National Weather Service: Additional Actions Needed to Improve the Agency’s Reform Efforts
    In U.S GAO News
    What GAO Found The Department of Commerce's National Weather Service (NWS) initiated the Evolve Program in 2017 to carry out a series of agency reforms to help it achieve its strategic vision of strengthening the nation's readiness and responsiveness to extreme weather events. The program has 20 reform initiatives that are in varying stages of completeness and are intended to free up staff time and improve service to the agency's partners, among other things. NWS has substantially followed five of eight leading reform practices. Extent to Which NWS Has Followed Selected Leading Practices for Effective Agency Reforms Practice Extent followed Establishing goals and outcomes ◒ Involving employees and key stakeholders ◒ Using data and evidence ● Addressing fragmentation, overlap, and duplication ● Leadership focus and attention ◒ Managing and monitoring ● Strategic workforce planning ● Employee performance management ● Legend: ● Substantially followed —NWS took actions that addressed most or all aspects of the selected key questions GAO examined for the practice. ◒ Partially followed —NWS took actions that addressed some, but not most, aspects of the selected key questions GAO examined for the practice. Source: GAO analysis of National Weather Service (NWS) documents and interviews with NWS officials. | GAO-21-103792 However, the agency has only partially followed the other three practices, resulting in gaps. Establishing goals and outcomes. NWS has established goals for the Evolve Program but has not established performance measures for key elements of the program's reform efforts. Involving employees and key stakeholders. NWS has engaged its employees in a number of ways in developing the Evolve reforms, including by sending quarterly email updates to all employees. However, the agency has not developed a two-way communications strategy for the program that listens and responds to employee concerns about the proposed reforms. Leadership focus and attention. NWS has designated three leadership positions as having primary responsibility for leading the implementation of the reforms. However, the agency has not established a dedicated implementation team that has the capacity to manage the reform process. Instead, the agency has primarily relied on rotating leaders and part-time staff for the Evolve Program, an approach that has not provided adequate leadership and staff continuity for the program. By addressing gaps in these areas, NWS would have better assurance that its Evolve reform efforts will succeed. Why GAO Did This Study Extreme weather events, such as tornadoes and hurricanes, have caused major damage and loss of life in the United States. NWS is responsible for developing weather forecasts and issuing warnings to help protect life and property from such events. NWS has determined that it needs to reform its operations and workforce to effectively carry out this responsibility and to improve its provision of services to emergency managers and other partners. GAO was asked to review NWS's reform efforts under the Evolve Program. This report examines, among other things, the actions NWS has taken under the Evolve Program and the extent to which it has followed selected leading practices for effective agency reforms. GAO reviewed relevant NWS documents, interviewed officials, and assessed the Evolve reform efforts against selected leading practices.
    [Read More…]
  • Malawi Travel Advisory
    In Travel
    Do not travel [Read More…]
  • Three Additional States Ask Court To Join Justice Department Antitrust Suit Against Google
    In Crime News
    Today, the Attorneys General of Michigan and Wisconsin filed for permission to join the antitrust lawsuit filed by the United States and eleven other state Attorneys General against monopolist Google. This follows a similar recent motion by the California Attorney General to join the lawsuit on December 11, 2020.
    [Read More…]
  • Secretary Blinken’s Call with Qatari Deputy Prime Minister and Minister of Foreign Affairs Al-Thani
    In Crime Control and Security News
    Office of the [Read More…]
  • Thirteen Defendants Plead Guilty in $126 Million Compounding Fraud Scheme
    In Crime News
    Thirteen defendants, including three compounding pharmacy owners, three physicians, two pharmacists, and three patient recruiters, pleaded guilty in the Southern District of Texas to a years-long, multi-state scheme to defraud the U.S. Department of Labor’s (DOL) Office of Workers’ Compensation Programs (OWCP) and TRICARE.
    [Read More…]
  • Nowruz Message
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Mongolia Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • Secretary Blinken’s Call with Cabo Verdean Prime Minister Correia e Silva
    In Crime Control and Security News
    Office of the [Read More…]
  • Individual Pleads Guilty to Murder in Indian Country
    In Crime News
    An enrolled member of the Seminole Nation of Oklahoma and member of the Indian Brotherhood (IBH), a prison-based gang active in Oklahoma, pleaded guilty today to charges related to two separate homicides that took place in 2015 and 2017 within Indian Country in Oklahoma.
    [Read More…]
  • Political Directors Small Group Meeting of the Global Coalition to Defeat Daesh/ISIS
    In Crime Control and Security News
    Office of the [Read More…]
  • Opening Remarks by Secretary of State Michael R. Pompeo Before the Senate Caucus on International Narcotics Control
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Turkey National Day
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Former Information Technology Executive Pleads Guilty to Insider Trading and Aiding in the Preparation of a False Tax Return
    In Crime News
    A former information technology (IT) executive pleaded guilty today in the Western District of Pennsylvania to conspiracy to commit securities fraud and aiding in the preparation of a false tax return.
    [Read More…]
  • Woman First in the Nation Charged with Misappropriating Monies Designed for COVID Medical Provider Relief
    In Crime News
    A Michigan woman was indicted on allegations that she intentionally misappropriated government funds that were designed to aid medical providers in the treatment of patients suffering from COVID-19 and used them for her own personal expenses.
    [Read More…]
  • Warsaw Process Humanitarian Issues and Refugees Working Group Convenes in Brasilia
    In Human Health, Resources and Services
    Office of the [Read More…]

Crime

Network News © 2005 Area.Control.Network™ All rights reserved.