State education leaders worry funding for cybersecurity isn’t keeping pace with the worsening problem of attacks on schools, according to a survey released Sept. 11 by the State Educational Technology Directors Association.
Schools are hit more by cyberattacks than hospitals, local governments, and other public sector targets, according to a January report from the antivirus software company Emsisoft that is cited in SETDA’s report.
Some educators fear that the rise of artificial intelligence, which relies on datasets that may include student and staff personal information, could compound the problem, the report said.
States aren’t providing enough funding to address the problem, state ed-tech leaders said. Specifically, the percentage of state leaders who believe their state provides “sufficient” funds to support cybersecurity efforts in schools dropped from 19 percent in last year’s annual survey to 8 percent this year. The survey, which was conducted beginning in May, included responses from more than 80 state ed-tech directors, state chiefs, and chief information officers from 46 states.
What’s more, the percentage of respondents reporting that their state provides “only a small amount of funding for cybersecurity” more than doubled, from 15 percent last year to 33 percent this year.
That doesn’t necessarily mean states are providing less money for cybersecurity, the report said. Instead, “it may simply reflect shifting perceptions of how much it costs to keep up with the escalating threats school systems face,” the report said. “In other words, last year’s ‘ample funding’ might be this year’s ‘insufficient funding.’”
States are also puzzling through how they can be most effective in helping districts ward off attacks, Julia Fallon, the executive director of SETDA, said in an interview.
“I think states are trying to figure out what their role is [to] help districts,” Fallon said. “Some districts are large enough to have a cybersecurity staff, while smaller districts may not. So what’s the state’s role?”
Connecticut, for instance, bought software to ward off a specific type of attack for districts in the entire state, she said.
“That’s [one] funding model,” Falllon said. “They’re taking care of that, so it doesn’t then [fall to] schools.”
A new federal grant program may help make up for some of the funding gap, at least at the district level.
The Federal Communications Commission has launched a $200 million, three-year pilot project to help cover the cost of cybersecurity services at schools and libraries.
Schools and school districts will be eligible to receive up to $13.60 per student annually to help cover the cost of certain cybersecurity services and equipment. Grants for schools and districts can range from $15,000 to $1.5 million. Applications will open on Sept. 17 and close on Nov. 1.
Even though $200 million won’t be enough to address all of districts’ cybersecurity problems, SETDA is encouraging districts to apply for the program.
A flood of district applications will make it clear that there’s “a demand for the funding,” Fallon said, as well as giving policymakers more information about how to structure a broader, more permanent cybersecurity program.