Senators Hassan, Rosen, Sinema Call for Review of Federal Agencies’ Efforts to Help Protect K-12 Schools From Cyber Threats

WASHINGTON – U.S. Senators Maggie Hassan (D-NH), Jacky Rosen (D-NV), and Kyrsten Sinema (D-AZ), who all serve on the Senate Homeland Security Committee, called for an independent Government Accountability Office review of federal agencies’ efforts to help protect K-12 schools from cyber threats, particularly as the COVID-19 pandemic has caused many schools to shift more of their education online. Senator Hassan recently co-led a Senate Homeland Security Subcommittee hearing on strengthening cybersecurity for state and local governments and other entities, including schools, amid the COVID-19 pandemic.

“In response to the pandemic, many K-12 schools shifted to offering some form of remote education, increasing their dependence on laptops, wireless internet access, and cameras and microphones,” the Senators wrote. “At the same time, potential threats from cyberattacks remain serious and prevalent. For instance, school districts in New Hampshire, Nevada, Arizona, and across the country have recently reported instances of ransomware attacks.”

Last year, Senator Hassan met with school officials in Sunapee, New Hampshire after their school district was the subject of a ransomware attack. 

The Senators continued, “We are concerned about the extent to which K-12 schools are adequately protected from cyber threats as they expand or revise operations during the pandemic and beyond. Moreover, we would like to understand how Federal agencies coordinate school protection through information sharing, intelligence, and other resources that the Federal government has at its disposal in an effort to help schools combat cyber threats.”

Senator Hassan is working on a bipartisan basis to bolster cybersecurity across all levels of government. Senator Hassan recently led in introducing a bipartisan bill to require the Department of Homeland Security to establish a federally funded Cybersecurity Coordinator in each state, who would be responsible for helping to prevent and respond to cybersecurity threats by coordinating between federal, state, and local governments, as well as schools, hospitals, and other entities. An amendment that mirrors this legislation recently passed the Senate as part of the annual National Defense Authorization Act. Senator Hassan also successfully worked to pass into law the bipartisan Department of Homeland Security (DHS) Cyber Hunt and Incident Response Teams Act, which requires that the Department of Homeland Security make permanent “cyber hunt” and “cyber incident response” teams to work to help prevent cyberattacks at all levels of government and the private sector, and help mitigate the impact of such attacks when they occur.

To read the full text of the letter, click here or see below.

Dear Mr. Dodaro,

Across our nation, approximately 100,000 public schools serve more than 50 million students from kindergarten through 12th grade (K-12) and play an integral role in the educational, civic, and economic life of local communities. It is critical that the Government Accountability Office (GAO) review efforts by the Department of Education (Education), Department of Homeland Security (DHS), and other relevant federal agencies to assist school districts in protecting themselves from cyber threats.

Even before the COVID-19 pandemic, schools districts were increasingly reliant on technology for grading, enhancing educational offerings, and obtaining real time feedback on student and teacher performance.

In response to the pandemic, many K-12 schools shifted to offering some form of remote education, increasing their dependence on laptops, wireless internet access, and cameras and microphones. At the same time, potential threats from cyberattacks remain serious and prevalent. For instance, school districts in New Hampshire, Nevada, Arizona, and across the country have recently reported instances of ransomware attacks.

In 2015, the Government Facilities Sector Specific Plan identified Education’s Office of Safe and Drug Free Schools as the Sector Specific Agency (federal agency lead) for the Education Facilities Subsector.^[1] In that role, Education is responsible for coordinating with Federal and non-Federal partners to address risk management for schools, including cyberattack risks. In addition, DHS is authorized to support Federal and non-Federal sector partners by sharing information through its dedicated 24/7 coordination and information sharing operations center.

We are concerned about the extent to which K-12 schools are adequately protected from cyber threats as they expand or revise operations during the pandemic and beyond. Moreover, we would like to understand how Federal agencies coordinate school protection through information sharing, intelligence, and other resources that the Federal government has at its disposal in an effort to help schools combat cyber threats.

We seek a review by the Government Accountability Office on efforts by Education, DHS, and other relevant federal agencies to assist school districts in securing themselves from cyber threats and the effectiveness of these efforts. We also request any recommendations GAO can offer to Congress to improve federal cybersecurity support for school districts. We appreciate your prompt attention to this matter.

###