School might be out for the summer, but the Des Moines Public Schools administration is reaching out to families—not to issue report cards or check up on summer reading progress. Instead, the district will be informing nearly 6,700 individuals that their personal data was exposed in ransomware attack that took all systems offline in January. Des Moines was not alone in being targeted by malicious actors, which is why many are wondering, “How are states supporting K-12 cybersecurity amid growing threats?”
Iowa Congressman Zach Nunn pushed for more than just state intervention and proposed a bipartisan bill, Enhancing K-12 Cybersecurity Act, to provide critical resources for prevention, detection, and response. Nunn’s vision is shared not only in Congress but across federal agencies as well. CISA’s cybersecurity mission recognizes that K-12 schools are among the most vulnerable, and according to a readout from CISA’s 2023 Second Quarter Cybersecurity Advisory Committee Meeting, the federal government is working toward the goal of “turning the corner on cyber hygiene.”
“One way the subcommittee is supporting this effort is by listening to and learning from experts working in “target-rich, cyber-poor" sectors such as K-12 school administrators, hospital and healthcare administrators, and leaders in the water sector understanding that they will be beneficiaries of this effort,” said Subcommittee Chair George Stathakopoulos.
In addition to efforts to improve the overall cybersecurity posture of the K-12 sector, there is growing concern about the protecting the collection and use of children’s data. According to Bloomberg Law, oversight of the use of student data typically falls under the Education Department and the Federal Trade Commission, but new legislation introduced this week, “aims to ensure that an education agency has direct control of entities with access to student records.”
To learn more about protecting data and the supply chain, explore the content available in our Library. Now let’s look at what else made industry headlines this week.
Jun. 23: Infosecurity Magazine reported, “During Infosecurity Europe, John Giamatteo, president of BlackBerry Cybersecurity, told Infosecurity Magazine what he expects from this upcoming summit, what role the cybersecurity industry should play in securing AI practices and why government intervention should encourage innovation and not stifle it.”
Jun. 23: In light of the increasing cyberattacks on broadcasters, Brian Morris, CISO, Gray Television said companies need to build a strong culture of cybersecurity from the C-suite down.
Jun. 22: “The U.S. Small Business Administration (SBA) announced today that the agency will host a cyber summit in October 2023,” Homeland Security Today reported. “The free cybersecurity series supports America’s 33 million small businesses with tools, tips, and resources from multiple federal agencies to bolster their cybersecurity infrastructure.”
Jun. 20: The Hacker News reported, “Over 101,100 compromised OpenAI ChatGPT account credentials have found their way on illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials.”
Jun. 22: Australia has named Air Marshal Darren Goldie, Senior Air Force Commander, as the National Cybersecurity Coordinator.
Jun. 21: “Apple addressed three new zero-day vulnerabilities exploited in attacks installing Triangulation spyware on iPhones via iMessage zero-click exploits,” according to Bleeping Computer.
Jun. 20: Though not yet released, the soon-to-be-published US Securities and Exchange Commission’s (SEC) rules on cybersecurity for private companies is expected to require board level expertise in cyber.
Jun. 20: In an effort to, “keep pace with international practices,” Jordan’s National Cybersecurity Center had drafted a national cybersecurity framework.
Jun. 19: In response to continued concern about the growing workforce gap, think tanks, academia, nonprofits, the private sector, and professional associations have launched myriad initiatives, “to help facilitate entry-level cybersecurity skills development and career opportunities.”