Dive Brief:
- A new initiative to improve ed tech cyberdefense measures by encouraging collaboration between vendors and cybersecurity experts is being launched by the U.S. Department of Education and the University of California, Berkeley, Center for Long-Term Cybersecurity.
- Known as the Partnership for Advancing Cybersecurity in Education, or PACE, the plan aims to develop insights that will guide ed tech companies to better secure their school-based offerings.
- Additionally, the partnership will hold a PACE EdTech Summit in October on cybersecurity in ed tech products, benefits of secure-by-design principles, and ways to address product vulnerabilities to boost the security of K-12 schools' digital infrastructure nationwide.
Dive Insight:
This partnership comes after ed tech vendors were found to be the entry points for more than half of K-12 data breaches between 2016 to 2021, according to nonprofit K-12 Security Information Exchange.
Already in full swing, districts’ ed tech use rose dramatically when the COVID-19 pandemic shut down school buildings in spring 2020.
In the year prior, districts used an average of 895 tools, according to a 2023 Instructure’s LearnPlatform report. But in spring 2020, the number of ed tech tools used by districts jumped to 2,263, the report found. The use of those tools has since remained steady at the district level with an average of 2,591 different tools used during 2022-23, according to the report.
PACE was developed in the wake of the White House’s release of the National Cybersecurity Plan, which suggested major technology companies — rather than local governments and under-resourced consumers — should carry the burden of bolstering cybersecurity.
“By uniting the expertise of cybersecurity professionals with the innovation of key edtech vendors, we can help proactively address cyber vulnerabilities before they lead to ransomware attacks that disrupt students’ learning, school operations, and compromise sensitive student data,” said U.S. Deputy Secretary of Education Cindy Marten in a statement last week on the creation of PACE.
PACE looks to be one more step in the path toward ensuring that ed tech companies secure sensitive student and staff information stored by schools. While the Cybersecurity and Infrastructure Security Agency created a pledge in September for K-12 ed tech software providers to show their commitment to improving their products' security, that pledge is voluntary and not enforceable.
Cybersecurity also continues to be the top concern among district ed tech leaders, as schools work to bolster their cyberdefense, according to a recent survey of 981 ed tech leaders from the Consortium for School Networking. For instance, more districts are using two-factor authentication now, with 72% reporting doing so in 2024 compared with 40% in 2022.
Meanwhile, as evidenced by the launch of PACE and other initiatives, efforts are growing to support districts in improving cybersecurity.
In April, the Education Department and CISA launched a council to help coordinate federal, state, tribal and local efforts to improve protections for schools’ digital infrastructure. On top of that, 75 education-related cybersecurity bills were enacted at the state level in 2023, marking a 620% surge from 2020, according to CoSN.
Dive Awards
