Our K–12 schools are under cyberattack. From 2016 to 2022, public K–12 schools in the United States fell victim to more than 1,600 cyber incidents, including ransomware, phishing, and denial-of-service (DoS) attacks. Recently, schools in Minnesota, New Hampshire, and North Carolina were shuttered as a result. These attacks have caused considerable disruption to students and educators caught in the crosshairs.
We are nearing the end of National Cybersecurity Education Month, an effort led by Senator Jacky Rosen (D-NV), to increase awareness of cybersecurity education and its role in improving US national security. Now more than ever, we have a responsibility to stop cyber incidents on schools before they begin. This starts with K–12 cybersecurity education.
Many schools lack funding for sophisticated cyber protections and IT talent to protect infrastructure, making them easy targets. The federal government has taken notice. The Cybersecurity & Infrastructure Security Agency (CISA) now provides recommendations on the key steps K–12 schools to effectively reduce cybersecurity risk.
This underscores the importance of preventing cyberattacks on schools from happening in the first place by investing in K–12 cybersecurity education and the next generation of cybersecurity professionals.
The nation continues to face a systemic cyber talent workforce shortage, with more than 750,000 open cybersecurity positions. At the same time, less than half of students nationwide are learning about cybersecurity in the classroom. CISA Director Jen Easterly emphasized that addressing the cybersecurity talent gap begins by engaging students at all levels of education, as well as more women, girls, and minorities in cybersecurity.
There is infrequent and unequal access to K–12 cybersecurity education, as students in small and high-poverty districts are significantly less likely to be exposed to the subject.
Here are three key steps educators and school leaders can take to ensure that all students — regardless of socioeconomic status or ZIP code — have access to cybersecurity education.
1. Continue Cybersecurity Education for Teachers
Teachers are central to empowering students in every subject, but this isn't possible unless we empower teachers with the skills and confidence to teach cybersecurity. Through professional development and readily available resources, educators can learn core cybersecurity concepts and become cyber literate. Armed with the skills and tools to teach cybersecurity, educators can inspire students to succeed in our 21st-century workforce.
2. Integrate Cybersecurity Education and Standards Into Existing Curriculum
Introducing cybersecurity concepts in the classroom can seem daunting, but thanks to existing resources, educators don't need to start from scratch. Educators can use no-cost cybersecurity lessons to integrate cybersecurity into their curriculum, regardless of the subject they teach. Additionally, the national K–12 Cybersecurity Learning Standards provide another road map for educators to ensure students have not only a foundational understanding of cybersecurity, but also the skills and knowledge needed to pursue cybersecurity careers in greater numbers. Designed to be comprehensive, easy to use and easy to find, the standards are available to states, districts, and all educators at no cost.
3. Partner on Cybersecurity With Colleges and Universities
When presenting K–12 students with a potential new career path, it's important to provide examples of what pursuing cybersecurity can lead to. Establishing partnerships and mentorship programs between K–12 schools and higher education institutions that offer cybersecurity degree programs help students envision pursuing cybersecurity in college and as a career.
Building a pipeline of future cyber professionals starts with ensuring that all K–12 students have equitable access to cybersecurity education and the skills to pursue careers in the field. Dedicated educators and school leaders are essential to making this a reality. By investing in a strong future cybersecurity workforce, we can prevent future cyberattacks on US critical infrastructure, like our K–12 schools, before they occur.