In a rare victory, Congress passes Langevin bill to protect schools from cyber-attacks

The legislation now heads to President Biden’s desk to be signed into law 

The U.S. House of Representatives passed bipartisan legislation authored by U.S. Senators Gary Peters (D-MI), Chairman of the Homeland Security and Governmental Affairs Committee, and Rick Scott (R-FL) to enhance cybersecurity assistance to K-12 educational institutions across the country. Representative Jim Langevin (D-RI-02) led the House companion bill. 

Schools are responsible for securing a considerable amount of sensitive records related to their students and employees, including student grades, family records, medical histories, and employment information. 

The bill will help educational institutions bolster their cybersecurity protections by instructing the Cybersecurity and Infrastructure Security Agency (CISA) to examine the risks and challenges that schools face in securing their systems. 

Using their findings, CISA is charged with creating cybersecurity recommendations and other voluntary resources for schools to use when implementing their cybersecurity solutions. The bill passed the Senate in August and now heads to President Biden’s desk to be signed into law. 

“Throughout the pandemic, criminal hackers have ramped up their attacks on our nation’s schools, disrupting entire school districts and jeopardizing the personal information of students and educators alike. This legislation will help shore up our schools’ cyber defenses and protect our students and educators against those who wish them harm,” said Rep. Jim Langevin, co-chair of the Congressional Cybersecurity Caucus. 

“I thank Senators Peters and Scott for their leadership passing this bill in the Senate, and I look forward to President Biden signing this critical legislation into law.” 

“Ransomware and other cyber-attacks that can shut down our K-12 schools and compromise the personal information of our students and dedicated educators are unacceptable and must be stopped. We must provide faculty and staff with the resources and means that they often lack to defend themselves and their students against complicated cyber-attacks,” said Senator Peters. 

“I’m pleased this bipartisan legislation has passed the House and I urge the President to sign it into law as soon as possible so we can better protect K-12 schools and prevent criminals from stealing the personal information of teachers, students, and other staff in schools across the nation.” 

“We must do everything possible to protect the safety of every American student — and as we move to an increasingly digital world, this includes the safety of their personal information online,” said Senator Scott. 

“The K-12 Cybersecurity Act will ensure our schools have the resources they need to bolster cybersecurity and protect our K-12 students, educators, employees, and their families. I am proud of my colleagues in the Senate and House for coming together to pass this valuable legislation and look forward to it becoming law.” 

Cyber-attacks on schools increased over the past year as Americans’ daily lives and classrooms moved online during the pandemic, including attacks against schools in Michigan. In one attack on Walled Lake Consolidated Schools, hackers successfully accessed records and posted information online. 

In 2018, Johannesburg-Lewiston Area Schools in Michigan were targeted by a malicious ransomware attack that temporarily shut down the district’s systems. 

In Florida, hackers successfully stole thousands of files from Broward County’s School District systems earlier this year.  

The K-12 Cybersecurity Act directs DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to work with teachers, school administrators, other federal departments and private sector organizations to complete a study of cybersecurity risks specific to K-12 educational institutions, including risks related to securing sensitive student and employee records and challenges related to remote-learning. 

Following the completion of that study, the bill directs CISA to develop cybersecurity recommendations and an online toolkit to help schools improve their cybersecurity hygiene. These voluntary tools would be made available on the DHS website along with other DHS school safety information.

The K-12 Cybersecurity Act has been endorsed by the Michigan Association for Computer Users in Learning, Michigan Association of School Boards, Consortium for School Networking, School Superintendents Association, National Association of Secondary School Principals and the American Federation of Teachers.