[TheRecord] GAO says confusion over responsibilities has left schools vulnerable to cyber attacks

Confusion over which government department or agency is responsible for protecting school networks against cyber attacks has left the nation’s K-12 institutions especially vulnerable to ransomware, according to a new report from the Government Accountability Office.

After speaking with officials from schools across the country, the GAO said that they found officials were uniformly unclear about whether upgrading their 2010 cyber security plan fell under the purview of the Department of Education or the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

“Education officials state that the department has not updated the sector plan and not determined the need for sector-specific guidance because CISA has not directed it to do so,” the report said, adding that it had determined that the Department of Education “is responsible for updating its sector plan and determining the need for guidance.” The confusion, the report said, had essentially allowed updating the cyber security plan to fall through the cracks.

Cyberattacks against schools have been on the rise. According to a database of publicly reported ransomware attacks maintained by Recorded Future, there were 56 cyber attacks against schools in 2020 and there have already been 77 so far this year. In 2019, there were 62 publicly reported ransomware attacks against schools, compared with just 11 in 2018.

The four Democratic senators who asked the GAO for the review — Maggie Hassan of New Hampshire, Krysten Sinema of Arizona, Jacky Rose of Nevada, and Chris Van Hollen of Maryland — said in a joint letter released after the report that the rapid rise in ransomware is fueling the growing number of K-12 cyber attacks.

“2019 saw almost three times more incidents than 2018  and 2020 saw a further 18 percent increase over 2019,” they wrote. “These incidents include ransomware attacks on school districts in New Hampshire, Nevada, Arizona, and Maryland.“

The four Senators urge the Department of Education and DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to work together to update the Department of Education’s cyber security plan for schools. The lawmakers also urged the Department of Education and CISA to determine whether K-12 schools need specific guidance and best-practices to help improve their cybersecurity.  

Among other things, the GAO report provided a comprehensive list of resources from the Education Department, CISA, and the FBI aimed at helping K-12 schools fend off attacks. But the report said that schools either weren’t aware of the offerings or do know how to get them.

“As a result,” the report said, “K-12 schools are less likely to have the federal products, services, and support that can best help protect them from cyberattacks.” 

The post GAO says confusion over responsibilities has left schools vulnerable to cyber attacks appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[SecurityWeek] Palo Alto Networks Patches Critical Vulnerability in Cortex XSOAR

All posts, Security Week

A security advisory published on Tuesday by Palo Alto Networks informs customers about the availability of patches for a critical vulnerability affecting the company’s Cortex XSOAR product. read more Source: Read More (SecurityWeek RSS Feed)

Read More

[ZDNet] Minister apologises for myGov breach of Redress Scheme survivor’s information

All posts, ZDNet

Minister Anne Ruston has apologised to a survivor who had her application to Australia’s National Redress Scheme shared with another survivor via the government’s myGov portal. Source: Read More (Latest topics for ZDNet in Security)

Read More

[ZDNet] Google Cloud joins forces with Cybereason for XDR platform

All posts, ZDNet

Google Cloud and Cybereason are connecting for a new XDR initiative. Source: Read More (Latest topics for ZDNet in Security)

Read More