The US Department of Education's GCC for K-12 Cybersecurity aims to protect schools from cyber threats and enhance the learning environment nationwide.
On March 28, 2024 the US Department of Education (DoEd) launched the Government Coordinating Council (GCC) to fortify cybersecurity in K-12 educational institutions. The DoEd partnered with the Cybersecurity and Infrastructure Security Agency (CISA) to create the new group, which “signifies an unprecedented level of collaboration between federal, state, tribal, and local governments to protect schools from cybersecurity threats”, according to the press release from the department.
Cybersecurity in education is an increasingly topical concern. A 2022 survey by the US Government Accountability Office found that more than 600,000 American K-12 students were affected by ransomware attacks. Schools are a part of the “target rich, resource poor” group that CISA’s 2024-2026 Cybersecurity Strategy defined - they collect valuable information without having the budget to adequately protect it. This can have devastating effects for students whose identities are stolen, particularly because the theft may go undetected for a long period. Privacy to sensitive information can also be lost; a cyberattack on Minneapolis Public Schools in 2023 affected at least 105,000 people with medical histories, discipline information, even sexual assault records being made public as the result of a data breach. The Education Department and CISA’s new GCC is aimed at combating these cybersecurity risks.
Director of CISA, Jen Easterly, believes this collaboration is crucial: “The importance of protecting our schools, students, and educators from cyber threats cannot be overstated—I’m very proud of the work the Department of Education and CISA are doing in this critical area, working collaboratively with the K-12 community. I am especially excited that the Education Facilities Subsector Government Coordinating Council is being launched today; it will have a vital role in helping to guide efforts to ensure a safer and more resilient learning environment for our classrooms across the nation.”
The creation of the GCC was first announced in August 2023, as part of a series of efforts to Strengthen America’s K-12 Schools’ Cybersecurity. Alongside this announcement, the White House also shared that FCC Chairwoman Jessica Rosenworcel was developing a pilot program that could invest “up to $200 million in three years” into school and library cybersecurity, that CISA had released a guidance document on building and sustaining technology infrastructure for education leaders, even while committing to delivering cybersecurity training to 300 new K-12 entities.
CISA’s National Initiative for Cybersecurity Careers and Studies (NICCS) offers K-12 teachers plenty of tools, even a curriculum to help students learn about cybersecurity and possible careers. In January 2024, The DoEd released its Readiness and Emergency Management for Schools (REMS) Technical Assistance Center, which provides resources for K-12 schools and higher education institutions, covering cyber threats and appropriate mitigation strategies.
The GCC is just one part of the federal government’s many ventures to improve cybersecurity for the unprotected education sector. By bolstering security for schools, the Department of Education is not only safeguarding valuable information but also ensuring a safer and more resilient learning environment for classrooms nationwide - securing the future of the country.