The Cybersecurity and Infrastructure Security Agency on Tuesday announced a voluntary pledge for K-12 educational technology companies to commit to designing their products with greater built-in security.
“We need to address K-12 cybersecurity issues at its foundation by ensuring schools and administrators have access to technology and software that is safe and secure right out of the box,” CISA Director Jen Easterly said in the agency’s announcement.
Cases of ransomware and malicious cyber activity, especially those aimed at K-12 school districts in the United States, are on the rise. A school district in Carlisle, Pennsylvania, this month became one of the latest ransomware victims.
The Biden administration has also acknowledged the vulnerability faced by school districts with outdated security systems. In March, the White House released its National Cybersecurity Strategy, which outlines how to help school districts fight cybersecurity threats across the country through training and computer system upgrades. Rural districts in particular are prime targets, as they often have fewer resources to devote to cybersecurity.
Companies that sign CISA’s pledge are publicly agreeing to adopt three principles:
- Take ownership of customer security outcomes.
- Embrace radical transparency and accountability.
- Lead from the top by making secure technology a key priority for company leadership.
In addition, the pledge also includes specific, publicly measurable “secure by design” principles companies are committing to when they sign. PowerSchool, Classlink, Clever, GG4L, Instructure, and D2L, some of the largest providers of K-12 education software in the United States, have all signed the pledge.
“We need all K-12 software manufacturers to help us improve cybersecurity for the education sector by committing to prioritize security as a critical element of product development,” Easterly said.