Skip to main content

K-12 Cybersecurity

Learn how ED and its cross-government partners are working together to build K-12 cybersecurity resilience.

School districts across the country are experiencing an average of five cyber incidents per week. This steady increase in indiscriminate cyber-attacks on K-12 schools is prompting education leaders to think about how cybersecurity fits into emergency operations planning, by increasing both their understanding of the issue and their capacity to integrate the most impactful and cost-efficient strategies for mitigating cybersecurity risks.  Managing cybersecurity risk is now a necessity because school communities are heavily reliant on technology and internet connectivity to carry out education service delivery and day-to-day business operations. 

In its federal role to coordinate and support the K-12 community’s cybersecurity resilience efforts, the U.S. Department of Education is working with stakeholders and partners across federal, state, local, Tribal communities, and territories to support K-12 cybersecurity risk mitigation by:

  • Providing training tools, briefs and resources available through its emergency management and student privacy policy technical assistance centers, respectively.
  • Highlighting cybersecurity best practices
  • Establishing a K-12 council of education stakeholders to facilitate and coordinate cross-government cybersecurity risk mitigation strategies. 
  • Working with federal partners, including the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Council, and the White House Office of the National Cyber Director to raise awareness of this issue in K-12, leverage partnerships, and co-develop resources and other supports to school districts, particularly those with the least capacity to counter cyber threats.
  • Increasing the visibility of free and low-cost cybersecurity resources, tools, and as well as CISA and FBI regional office points of contact.

What we know about K-12 Cybersecurity Attacks

Types of Cyber Incidents 

Cyber incidents in K-12 range from electronic-based data breaches of student, teacher or other school community members and ransomware attacks to online class and meeting intrusions. While not the only vulnerabilities, two critical weaknesses for cyber threat actors to exploit are phishing email and outdated software.

The Data

From trend data to recent assessments by federal security experts, data consistently show that K-12 schools remain vulnerable to cybersecurity threats. The K12 Security Information Exchange’s (K12 SIX) reports that from 2016 to 2021, schools in nearly every state in the country were victims of a cyberattack. The Multi-State Information Sharing and Analysis Center (MS-ISAC) comparably noted in its 2021-22 K-12 Report that more than 29 percent of its members had experienced a cyber incident.

The Consequences

Immediate impact of a cybersecurity incident in a school may result in disruptions to teaching, learning and critical business operations. Many school districts that have experienced a cybersecurity incident speak to the significant, wide-ranging costs of a cyber incident:

  • Financial: costs attributable to teaching and learning loss; labor costs resulting from a shift to manual execution of operations and processes that, in normal conditions, are automated (e.g., manual writing of payroll and third-party vendor payments, etc.); legal and insurance expenses; and long-term costs like credit monitoring for impacted individuals, etc.
  • Political: Loss of trust among teachers, parents, and the community.

What K-12 can do right now to mitigate cybersecurity risk

Multiple useful cybersecurity frameworks exist that districts may use to guide robust resilience efforts such as a cybersecurity annex. But for the many districts with limited IT expert capacity and resources, there are immediate, relatively low-cost prevention strategies that can go a long way to protecting school communities:

Key steps that district and state leaders and technology experts across the country are taking to mitigate risk:

  • The Consortium on School Networking (CoSN) reports that of the nearly more than 72% of school districts surveyed report requiring MFA in 2024, an increase of 32% since 2022.
  • The same CoSN report notes that 53% of school districts surveyed have an incident response plan in place, a jump from 34% in 2022.
  • North Carolina supports a whole-of state approach, building a Joint Cybersecurity Task Force that includes the FBI, National Guard, its state education agency and school districts.
  • Connecticut’s Connecticut Education Network provides accessible and equitable pricing for broadband to 100 percent of the state’s school districts, and multiple cybersecurity services at no cost.
Reporting Cyber Incidents | Step 1

Report to CISA | CISA: www.cisa.gov/report or call 1-844-Say-CISA (1-844-729-2472)

Reporting Cyber Incidents | Step 2

Report cyber-criminal activity to your local FBI field office

U.S. Department of Education Cybersecurity Resources

K-12 and Higher Education

 

K-12 Cybersecurity Government Coordinating Council

The purpose of the K-12 Government Coordinating Council (GCC) is to foster cross-governmental partnerships that strengthen the cybersecurity resilience across K-12 public and tribal schools. The Department established the GCC in Spring 2024 and leads this effort as part of its role in securing the nation’s education cyber critical infrastructure.

Federal agencies, state education agencies, education service agencies, local education agencies, K-12 public and tribal schools are part of this cross-government effort intended to coordinate cybersecurity risk mitigation strategies and leverage collective resources, expertise, and experience in support of efficient and effective daily operations in more than 13,300 school districts across the country.

Office of Elementary and Secondary Education (OESE)
Page Last Reviewed:
December 1, 2024