K–12 schools in the United States are increasingly becoming targets for cyberattacks, with over 1,600 incidents reported between 2016 and 2022. These attacks, including ransomware, phishing, and denial-of-service (DoS) attacks, have caused significant disruption to students and educators across the country. In recent weeks, schools in Minnesota, New Hampshire, and North Carolina were forced to close due to cyberattacks. As National Cybersecurity Education Month comes to a close, it is clear that there is an urgent need for improved cybersecurity measures in schools.
One of the main reasons why K–12 schools are vulnerable to cyberattacks is the lack of funding for sophisticated cyber protections and IT talent. Recognizing this issue, the Cybersecurity & Infrastructure Security Agency (CISA) now provides recommendations for schools to effectively reduce cybersecurity risks. However, preventing these attacks from happening in the first place requires investing in K–12 cybersecurity education and grooming the next generation of cybersecurity professionals.
A major challenge in this endeavor is the shortage of cyber talent in the country, with over 750,000 open cybersecurity positions currently unfilled. Compounding this issue is the fact that less than half of students nationwide are learning about cybersecurity in the classroom. CISA Director Jen Easterly has stressed the importance of addressing this talent gap by engaging students at all levels of education, as well as increasing the participation of women, girls, and minorities in cybersecurity.
Unfortunately, access to K–12 cybersecurity education remains limited and unequal, with students in small and high-poverty districts being significantly less likely to receive exposure to the subject. To address this disparity, educators and school leaders can take three key steps to ensure that all students, regardless of their socioeconomic status, have access to cybersecurity education.
The first step is to continue cybersecurity education for teachers. By providing professional development opportunities and readily available resources, educators can enhance their understanding of core cybersecurity concepts and become cyber literate. Equipped with the necessary skills and tools, teachers can then inspire and empower their students to succeed in the 21st-century workforce.
The second step is to integrate cybersecurity education and standards into existing curriculum. Educators do not need to start from scratch, as there are already resources available for them to incorporate cybersecurity concepts into their teaching regardless of the subject they specialize in. The national K–12 Cybersecurity Learning Standards serve as a comprehensive and user-friendly roadmap for educators, ensuring that students not only grasp the foundational principles of cybersecurity but also possess the skills and knowledge required for potential careers in the field.
The third and final step is to establish partnerships with colleges and universities that offer cybersecurity degree programs. By providing K–12 students with examples of the career opportunities that cybersecurity can offer, such partnerships can inspire and motivate students to pursue further education in the field. Mentorship programs can also be implemented to guide and support students throughout their educational journey towards a career in cybersecurity.
It is crucial to build a pipeline of future cybersecurity professionals by ensuring equitable access to cybersecurity education for all K–12 students. Dedicated educators and school leaders play a vital role in making this vision a reality. By investing in a robust and skilled cybersecurity workforce, future cyberattacks on critical infrastructures like K–12 schools can be prevented. Now more than ever, it is imperative that the nation recognizes the importance of cybersecurity education and takes proactive measures to safeguard our educational institutions.