October is Cybersecurity Awareness Month. This campaign began in 2003 as a collaboration between the public and private sectors to provide the resources needed to help all Americans stay safe and secure online. The theme for this year’s campaign is “Do Your Part. #BeCyberSmart.” This theme is meant to encourage individuals and organizations to do their part to protect their online presence by stressing personal accountability and the importance of being proactive in learning how to reduce cybersecurity risks. President Joe Biden proclaimed October 2021 as Cybersecurity Awareness Month for the entire country and Gov. Greg Abbot did the same for our state.
Cybersecurity remains a top priority for school districts across the nation as the number of cybersecurity attacks has continued to rise. As a result, President Biden signed the K-12 Cybersecurity Act of 2021 into law on Oct. 8. This authorizes the Cybersecurity and Infrastructure Security Agency (CISA) director to conduct a study of specific risks impacting K-12 schools within 120 days. After this, the director has 60 days to develop recommendations for cybersecurity guidelines for K-12 schools that are based on the results of the study. The director will then have 120 days to create an online training tool kit to assist K-12 school officials to better respond to cybersecurity risks. The recommendations and tool kit developed from the study will be available to K-12 schools to implement on a voluntary basis, so it will be up to each one of them to adopt them accordingly. Although this process will take about 10 months to complete, it is significant in that the federal government is making K-12 cybersecurity a priority and will direct some of its resources towards that endeavor.
On the state level, Texas is one of the few states which has passed legislation requiring school districts to follow best industry practices to address some of these cybersecurity risks. In 2019 the state enacted the following two laws:
• Senate Bill 820 - Requires that school districts designate a cybersecurity coordinator, adopt a cybersecurity policy to determine risks, implement mitigation planning and to report any cybersecurity breach to the Texas Education Agency (TEA)
• House Bill 3834 - Requires government entities, including school districts, to provide certified end user security awareness training for staff and contractors and to file a compliance report to the Texas Department of Information Resources (DIR)
At Odem-Edroy ISD we have been working diligently on complying with this state legislation through the guidelines established by the DIR, TEA and cybersecurity industry best practices. We have implemented a number hardware, software and services over the last two school years to help us follow these guidelines and keep our district systems and data safe from online threats. This school year will be no different as we plan to continue updating our systems, policies and procedures, as well as providing more training for our staff. Through these initiatives, our district and staff are ready to take up this month’s theme “Do Your Part. #BeCyberSmart.”