Why federal-education partnerships are critical for cybersecurity

Key points:

• Schools must prioritize ZTS and integrate robust cybersecurity practices
• FCC adopts $200M cybersecurity pilot program
• Cybersecurity is top priority for K-12 edtech leaders
• For more news on cybersecurity, visit eSN’s IT Leadership hub

The Federal Communications Commission (FCC) recently voted to adopt a three-year, $200 million Schools and Libraries Cybersecurity Pilot Program. The pilot program will provide schools and libraries with cybersecurity services and equipment. It will also allow the FCC to gather and analyze data on which cybersecurity services and equipment would best help K-12 schools and libraries address growing cyber threats and attacks against their broadband networks.

While the much-needed resources and funding represent a significant step towards fortifying cybersecurity in the education sector, it remains a modest advancement for a critical issue. As K-12 schools increasingly become prime targets for cyber criminals due to their often-limited resources and reliance on outdated systems, the collaboration between the federal government and the education sector is more crucial than ever.

By providing essential funding, advanced cybersecurity resources, expert guidance, and gathering analytics and data, the federal government can help schools effectively protect against cyber threats.

The critical importance of federal collaboration with schools

Establishing partnerships between federal entities, cybersecurity experts, and the education sector offers numerous benefits, including enhanced information sharing, expanded training opportunities, and access to specialized resources. For example, the partnership between the Department of Homeland Security and K-12 schools with the Cybersecurity Education and Training Assistance Program has provided resources and training to thousands of educators, helping to integrate cybersecurity concepts into K-12 education and foster a culture of proactive cybersecurity awareness and preparedness within the educational community. Additionally, the U.S. Department of Education and the Cybersecurity and Infrastructure Security Agency launched the Government Coordinating Council (GCC) for the Education Facilities Subsector, enhancing collaboration among all levels of government to protect K-12 schools from cyber threats.

The federal government plays a pivotal role in shaping cybersecurity practices across K-12 schools, which often lack their own necessary guidance and policies around cybersecurity practices. By adhering to guidance from the federal government–like what we see in the K-12 Digital Infrastructure Brief–schools can work toward improved cybersecurity.

Collaboration efforts are most effective when schools prioritize and leverage available resources

The effectiveness of the FCC initiative, policies published by the federal government, and other similar collaborative efforts from the federal government hinges on two efforts that fall solely on schools.

First, schools must make cybersecurity a priority. Effective prioritization of cybersecurity comes from leadership and involves identifying specific vulnerabilities, allocating resources, and creating a comprehensive plan and budget to address potential threats. To respond to cyber threats effectively, cybersecurity must be supported from the top down.  

Second, schools must utilize the resources provided by the federal government to address both their immediate vulnerabilities and long-term security needs. With cyber threats increasingly targeting the education sector and threats not slowing down any time soon, it is vital that schools prioritize and adopt a strategic approach to maximize the impact of federal collaboration efforts, which focus on immediate, achievable goals.

Partnering with federal agencies grants access to specialized resources and funding and provides schools with crucial guidance on cybersecurity best practices, often enhancing their cybersecurity posture. Educational entities can also partner with one another to increase their buying power to bolster their cybersecurity resources, such as partnering to buy software and licenses as a collective.

Beyond the FCC funding

Schools, just like many other sectors, operate in a hybrid environment and must have an actionable plan in place to protect their valuable data no matter the location. It is crucial to secure endpoints, including laptops, tablets, and mobile devices, with comprehensive protection solutions that provide real-time monitoring and threat detection. This shift to digital learning environments has expanded the attack surface, making every connected device a potential entry point for cyber threats.

The education sector is not required to meet a Zero Trust deadline as required for federal government agencies. However, as the education sector looks to the federal government for collaboration and best practices, it should also consider implementing a Zero Trust framework–ideally one with segmentation at its core. Zero Trust Segmentation (ZTS)–segmentation using Zero Trust principles–is a crucial technology within the Zero Trust framework. Through the continuous visualization of all communication patterns and traffic between workflows, devices, and the internet, ZTS constantly verifies a user and creates granular policies that permit only essential communication. If an attack were to occur, ZTS applies the principles of Zero Trust to broaden visibility into all networks and across all traffic and limit free lateral movement–containing the attack and minimizing its impact.

Schools should also implement endpoint protection platforms that not only safeguard against malware and viruses but also offer advanced features, such as behavioral analysis and automated response capabilities. These solutions should be able to identify suspicious activities and isolate compromised devices to prevent the spread of infections. Real-time monitoring ensures that any anomalies are detected immediately, allowing for swift action to mitigate potential threats.

It is crucial schools enforce policies for regular software updates and patching efforts, alongside educating students and staff on best practices for device security. By securing endpoints comprehensively and prioritizing timely implementation of these measures, schools can protect the integrity of their hybrid learning environments and ensure the safety of their educational communities.

Given the constantly changing threat landscape, schools must act with urgency and have robust cybersecurity plans in place now, rather than in a decade. Any improvement is a step in the right direction, and organizations don’t need to achieve 100 percent security immediately.

Enhancing cybersecurity for educational resilience

Overall, while the FCC’s program marks a crucial investment in enhancing cybersecurity across K-12 schools and will generate valuable data on which services work best for the education community, it addresses only a fraction of the challenges faced by educational entities. To maximize the impact of this funding and other federal collaboration efforts, schools must prioritize ZTS, integrate robust cybersecurity practices into their educational frameworks, and foster collaborative partnerships with federal agencies and industry experts.

Continued advocacy for increased support and streamlined collaboration will further bolster cybersecurity resilience, ensuring that K-12 schools can adapt effectively to evolving cyber threats and provide a safe digital space for students and educators alike.

About the Author:

Gary Barlet is the Public Sector Chief Technology Officer at Illumio, where he works with government agencies, contractors, and the broader ecosystem to incorporate Zero Trust Segmentation, or microsegmentation, as a strategic enabler of Zero Trust architecture. He can be reached at gary.barlet@illumio.com.