An official website of the United States government
There is no more important institution to the future prosperity and strength of the United States than our nation’s K–12 education system. K–12 schools and school districts have adopted advanced networking technologies that facilitate learning and make schools more efficient and effective. This technological gain, however, has introduced heightened risks. Malicious cyber actors are targeting K–12 education organizations across the country, with potentially catastrophic impacts on students, their families, teachers, and administrators.
The K–12 cybersecurity challenge was exacerbated by the COVID-19 pandemic, which significantly tested the nation’s education system, necessitating an unexpected pivot to virtual learning that rendered our K–12 educational institutions increasingly vulnerable as new technologies were adopted on an unprecedented scale. Cyberattacks, and the threat thereof, strained resources and impacted delivery of critical education services across the nation. This has placed an untenable burden on our educational institutions and the populations that they serve and protect — children, parents, and educators. A continuing drumbeat of cyber intrusions is threatening the nation’s ability to educate our children while also placing personal information and school data at risk.
Congress recognized this heightened risk environment by enacting the K–12 Cybersecurity Act of 2021 (“The Act”), which required the Cybersecurity and Infrastructure Security Agency (CISA) to report on cybersecurity risks facing elementary and secondary schools and develop recommendations that include cybersecurity guidelines designed to help schools face these risks. Our resultant report provides insight into the current threat landscape and the K–12 community’s capacity to prevent and mitigate cyber-attacks. Recommendations throughout this report are informed by insights from policymakers, government officials, and members of the K–12 community. These recommendations are presented with a caveat: change must come from the top down. Leaders must establish and reinforce a cybersecure culture. Information technology and cybersecurity personnel cannot bear the burden alone.
CISA released its report and toolkit for K-12 institutions to help them better protect against cybersecurity threats. The report titled “Partnering to Safeguard K-12 Organizations from Cybersecurity Threats” provides recommendations and resources to help K-12 schools and school districts address systemic cybersecurity risk. It also provides insight into the current threat landscape specific to the K-12 community and offers simple steps school leaders can take to strengthen their cybersecurity efforts.
The report, CISA’s recommendations, and supporting digital toolkit can be accessed below.
Invest in the most impactful security measures and build toward a mature cybersecurity plan by taking these three steps:
Recognize and actively address resource constraints:
Focus on collaboration and information sharing:
The toolkit aligns resources and materials to each of CISA’s three recommendations along with guidance on how stakeholders can implement each recommendation based on their current needs. Along with each recommendation, stakeholders will find key actions and related resources to help them confidently build, operate, and maintain resilient cybersecurity programs at their school or district. The toolkit also shares additional free cybersecurity trainings and resources available for the K-12 community.
Please visit the Digital Toolkit page for all resources. You can print this Toolkit (.pdf, 919KB) as well.
Additional Resources:
Was this webpage helpful? Yes | Somewhat | No
Need CISA’s help but don’t know where to start? Contact the CISA Service desk.