White House launches new cybersecurity campaign to safeguard schools

The White House is aiming to tackle cybersecurity issues in the nation's school systems head on with a slate of new initiatives and federal resources announced on Monday. 

The administration is establishing a new entity to spearhead cybersecurity policy and communications that bolster cyber resilience in K-12 schools, called the Government Coordinating Council. The council will help schools prepare for and respond to cybersecurity attacks while facilitating formal collaboration efforts between federal, state, local, tribal and territorial governments. 

The Department of Education and the Cybersecurity and Infrastructure Security Agency also co-authored three K-12 digital infrastructure briefs released on Monday, which provide guidance and recommended actions to secure digital infrastructure throughout the education system and keep school systems safe from cyber intrusions. The guidelines task everyone — from vendors and service providers to school administrators and students — with maintaining an accessible and resilient digital infrastructure and call for school systems to adopt a threat-informed, risk-based approach to cybersecurity. 

Anne Neuberger, deputy national security advisor for cyber and emerging technology, described the new initiatives on Sunday night during a call with reporters as "real, meaningful steps" that will help secure school systems' digital infrastructure and "make it harder for bad actors to steal our students' and educators' sensitive information."

"The White House administration, alongside our private sector partners, are working to step up to help our nation's schools have access to the resources they need to bolster their cyber infrastructure," she added. 

On Monday, Amazon Web Services announced a new $20 million grant program available to all school districts and state education departments nationwide. The grant program will provide schools with security training resources and no-cost cyber incident response assistance. The program will also offer security reviews to U.S. education technology companies that provide services to school districts across the country. 

Other companies announced new cybersecurity initiatives for schools on Monday, including Google, which updated its K-12 cybersecurity guidebook, and Cloudflare, which said it will offer a suite of free zero trust cybersecurity solutions to small schools. 

Recent federal reports have documented increased cyberattacks targeting K-12 schools, which can amount to critical delays in learning and major monetary losses for school districts, many of which already face significant funding constraints. Schools are seen as high-value targets by threat actors, due to their possession of sensitive personal information and the critical services they provide to millions of Americans. 

"Schools have access to more devices and connectivity than ever before, and this technology in education has incredible potential to help students better connect with their learning and achieve, and teachers better engage with their students,” Secretary of Education Miguel Cardona said in a statement. "But to make the most of these benefits, we must effectively manage the risks."

Federal agencies also announced a slate of new cybersecurity offerings for schools. CISA said it was committing to new cybersecurity training, tailored assessments and K-12 cyber exercises over the coming school year, while the FBI and National Guard Bureau published updated resource guides for cyber incident reporting and defense.