Skip to content

ICYMI: Senator Hassan Leads Field Panel on Strengthening Cybersecurity for K-12 Schools

MANCHESTER – In case you missed it, U.S. Senator Maggie Hassan, Chair of the Emerging Threats and Spending Oversight Subcommittee, led a field panel to discuss efforts to improve cybersecurity for K-12 schools. Panelists discussed the effects of cyberattacks on K-12 schools, as well as what can be done to more effectively respond to these attacks and improve coordination on all levels. The panel included officials from the Cybersecurity and Infrastructure Security Agency, the United States Secret Service, and New Hampshire schools, as well as New Hampshire’s Chief Information Security Officer and the New Hampshire Commissioner of the Department of Information Technology. The panel also featured Richard Rossi, New Hampshire’s Cybersecurity Coordinator. Senator Hassan created this position in each state through a bipartisan bill that she passed into law. 

Senator Hassan has led efforts to improve coordination between federal, state, and local officials. In addition to creating Cybersecurity Coordinators in each state, Senator Hassan created a state and local cybersecurity grant program as part of the bipartisan infrastructure law. Earlier this month, following a push from Senator Hassan, the Department of Education announced new action to strengthen cybersecurity for K-12 schools, including the establishing of a Government Coordinating Council to strengthen the cyber defenses and resilience of K-12 schools.

Read coverage of the event from WMUR, New Hampshire Bulletin, and Manchester Ink Link:

New Hampshire Bulletin: ‘It’s really a defense’: As cyberattacks rise, officials urge schools to take precautions

By Ethan DeWitt

[…]At a panel Monday at Saint Anselm College organized by Sen. Maggie Hassan, state officials, private sector security experts, and former school administrators came to agreement on one clear point: K-12 schools are vulnerable targets. And unless school districts take proactive measures, attempts to take advantage of them will likely increase.

The consequences can be dire: Beyond staff and parent information, the Social Security information of students can be held and used to take out fraudulent loans once they are adults, years after the actual breach.

“It’s hard to understate how great a threat and a risk there is for schools,” said Daniel King, New England chief of cybersecurity for the U.S. Cybersecurity and Infrastructure Security Agency.

[…]In 2021, Congress passed a $1 trillion infrastructure bill that included a measure co-sponsored by Hassan to devote $1 billion toward cybersecurity programs over four years, 80 percent of which must be passed on to local governments and school districts. New Hampshire’s Department of Information Technology is currently helping distribute that, Commissioner Dennis Goulet told the panel Monday.

Meanwhile, New England officials with the U.S. Cybersecurity and Infrastructure Security Agency are talking to school districts in the state to guide them on best practices and give tailored advice on where they should invest in security upgrades.

Officials are focusing on a range of tools, from encouraging the requirement of multi-factor authentication every time a staff person logs in, to improving the way sensitive information is compartmentalized to be harder to access, to training employees how to spot and avoid phishing scams. Some of the measures districts can take are not expensive and simply require new procedures. And the investment trade-off can be significant: A major breach can cost a district millions of dollars to repair, even if the ransom is not paid.

But in some cases, budgets are a limiting factor. Many districts struggle to hire or retain sufficient information technology staff, when private sector jobs in that profession can offer much better benefits. And some companies like Google and Microsoft put their most secure features behind a paywall, adding budgetary strain, McLeod noted.

While the evidence suggests that cyberattacks are increasing, the full extent of their use is hard to pinpoint. Many victims – both individuals and large organizations – do not report the breaches publicly. Often, those organizations or local governments are advised by private law firms and insurance companies, who may encourage silence or cooperation with the cyberattackers.

WMUR: Schools need more help preparing for cyberattacks, experts say

By Jamie Staton

Experts told a U.S. Senate field panel in New Hampshire on Monday that one out of every three school districts in the country has had to deal with a cyberattack or data breach.

U.S. Sen. Maggie Hassan, D-New Hampshire, held the field panel at St. Anselm College.

Cybersecurity experts said that each time a school district deals with a data breach or attack, the recovery can cost over $1 million and disrupt classroom learning.

"As we prepare for the new school year, it's an important time to take a look at the cybersecurity of our school systems," Hassan said.

Officials said that dealing with the issue in New Hampshire is a collaborative effort.

"School districts are learning more and more. They are getting their personnel trained up," Hassan said. "That's one of the reasons it was important to have the Secret Service here today, because they provide critical training at no cost."

Cyberattacks on K-12 schools are on the increase, experts said. The attacks can disrupt educational instruction and school operations, and can put the private information of students at risk, leaving them vulnerable to emotional, physical and financial harm.

[…]New Hampshire is getting a cybersecurity grant from the U.S. Department of Homeland Security for $2.5 million, which will be used, in part, to set up multifactor authentication for school districts.

Manchester Ink Link: Hassan holds Senate cybersecurity field panel

By Andrew Sylvia

As America’s move toward conducting more aspects of life on the internet grows, public schools and other government entities have become frequent targets of online attacks. However, a collection of New Hampshire experts believe that efforts can be made to stem this tide.

On Monday, U.S. Senator Maggie Hassan (D-NH) held a field panel of the U.S. Senate Emerging Threats and Spending Oversight Subcommitee at the New Hampshire Institute of Politics at Saint Anselm College.

In a series of questions and answers between Hassan and the panel of local experts, which Hassan has conducted on various topics in other parts of New Hampshire, discussion on the costs of cyber-attacks on school districts and strategies on how to respond were discussed.

It was noted that $29.3 million has been lost in 1,416 cyber ransom attacks in New Hampshire alone, with a $10.3 billion amount nationally. New Hampshire Cybersecurity Coordinator Richard Rossi said that two-thirds of school districts across the country lack an employee dedicated to data security and 12 percent of school districts nationally expend no money on cybersecurity.

[…]Hassan discussed efforts from Congress to help coordinate efforts in fighting cyberattacks such as the Cybersecurity State Coordinator Act, elements of which were introduced as an amendment in the annual National Defense Authorization Act.

“Cyberattacks on our hospitals, schools, and local governments are becoming an increasingly common occurrence, especially amid this pandemic. We must provide these entities with the support that they need to prevent and mitigate cyberattacks,” said Hassan in a statement prior to the panel. “The Senate took an important step to help bolster cybersecurity at all levels of government by passing our bipartisan measure to create a Cybersecurity Coordinator position in every state as part of the national defense bill. These cyber experts will be a bridge between the federal government and state and local entities, and it is imperative that the President swiftly sign this bipartisan bill into law.”

In addition to advising local school districts seek out additional resources to prevent cyber-attacks, experts on the panel also urged employees within school districts to make data security a priority of everyone immediately if it is not already so.[…]