US adopts cybersec program to protect schools and libraries from attacks


US government officials voted yes to a new cybersecurity pilot program intended to help America’s schools and library systems bolster their defenses against the rising number of cyberattacks targeting the education sector.

The Federal Communications Commission (FCC), a US consumer watchdog agency, announced the adoption of the “Schools and Libraries Cybersecurity Pilot Program” on Thursday.

The program, first proposed by the US Cybersecurity and Infrastructure Security Agency (CISA) in November 2023, will cover all K-12 schools and libraries, both public and private.

Advocates say the lack of budgets, manpower, and expertise to develop robust security measures at educational institutions has made school districts a prime target for ransomware groups in recent years.

“This pilot program is an important pathway for hardening our defenses against sophisticated cyberattacks on schools and ransomware attacks that harm our students and get in the way of their learning,” FCC chairwoman Jessica Rosenworcel has said.

Promoting digital equity

The three-year agenda will not only provide funds to “defray the costs of eligible cybersecurity services and equipment,” such as advanced firewall services but also gather the “actionable data” needed to determine the most effective ways to do so.

The pilot program is a pet project of Chairwoman Rosenworcel and part of the broader Learn Without Limits initiative, which promotes and funds access to high-speed internet access for students across the nation.

“Protecting our students is a critically important task and one that touches on the mission of several federal agencies. Ultimately, we want to learn from this effort, identify how to get the balance right, and provide our federal, state, and local government partners with actionable data about the most effective and coordinated way to address this growing problem,” said Rosenworcel.

The $200 million in funds would be established within the Universal Service Fund (USF), which helps lower-income Americans pay for telecommunications services.

The FCC has also committed to using some of the funds to help schools modernize broadband access, such as by adding WiFi to school buses, libraries in Tribal communities, and off-premise use of WiFi hotspots.

Ransomware attacks on schools: the new normal

According to a 2023 Comparitech research report, there were roughly double the number of attacks on educational institutions in the first half of 2023, compared to all of 2022.

Furthermore, between 2018 and mid-2023, ransomware attacks impacted the records of 6.7 million students across the globe while costing local economies over $53 billion in downtime.

Ransomware groups known for targeting US school systems in 2023 include LockBit, Royal (BlackSuit), Medusa, and Rhysida. The Vice Society group topped that list in 2022, and before that, the ransomware outfits Ryuk and Pysa were the leading gangs attacking schools, the Comparitech research showed.

Underscoring the need to help bolster security defenses in the education sector was the recent ransomware attack on the Seattle Public Library system, comprised of 27 individual branches.

Seattle public library interior
Image by Seattle Public Library

The Memorial Day weekend attack in May forced the library to take its entire network offline and has since implemented a manual check-out system.

In its latest update on June 6th, the Seattle Public Library reiterated that “some services continue to be down,” including in-building wifi services, library account access, the library app, e-books, e-audiobooks, library databases, public computers, payments systems, and more.

“We are working to securely bring them back online. Unfortunately, we do not have an estimate for when all services will be restored,” the update said.